EgeBalci / deoptimizer
Evasion by machine code de-optimization.
☆330 Updated 3 months ago
Related projects
Alternatives and complementary repositories for deoptimizer
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. ☆255 Updated 9 months ago
- Threadless Process Injection through entry point hijacking ☆334 Updated 2 months ago
- ROP-based sleep obfuscation to evade memory scanners ☆322 Updated 8 months ago
- Process Injection using Thread Name ☆240 Updated 2 months ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths ☆297 Updated 3 months ago
- Call stack spoofing for Rust ☆298 Updated 2 months ago
- Because AV evasion should be easy. ☆306 Updated 3 months ago
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. ☆220 Updated last year
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. ☆241 Updated 5 months ago
- Admin to Kernel code execution using the KSecDD driver ☆237 Updated 6 months ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆623 Updated last year
- PoCs for Kernelmode rootkit techniques research. ☆334 Updated this week
- For when DLLMain is the only way ☆349 Updated 2 weeks ago
- Shoggoth: Asmjit Based Polymorphic Encryptor ☆677 Updated 7 months ago
- Dynamically invoke arbitrary unmanaged code ☆314 Updated last month
- TartarusGate, Bypassing EDRs ☆530 Updated 2 years ago
- Rusty Injection - Shellcode Reflective DLL Injection (sRDI) in Rust (Codename: Venom) ☆320 Updated 8 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆324 Updated 5 months ago
- C++ self-Injecting dropper based on various EDR evasion techniques. ☆337 Updated 9 months ago
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features. ☆486 Updated 7 months ago
- ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc… ☆111 Updated 2 months ago
- Implementation of Advanced Module Stomping and Heap/Stack Encryption ☆208 Updated last year
- Performing Indirect Clean Syscalls ☆477 Updated last year
- A small x64 library to load DLLs into memory. ☆424 Updated last year
- A tutorial on how to write a packer for Windows! ☆245 Updated 10 months ago
- Analyse your malware to surgically obfuscate it ☆413 Updated last year
- Encrypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap ☆238 Updated last year
- Patching "signtool.exe" to accept expired certificates for code-signing. ☆268 Updated 3 months ago
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also conta… ☆343 Updated last week
- Unorthodox and stealthy way to inject a DLL into the explorer using icons ☆296 Updated 4 months ago