EgeBalci / deoptimizerLinks
Evasion by machine code de-optimization.
☆380Updated 10 months ago
Alternatives and similar repositories for deoptimizer
Users that are interested in deoptimizer are comparing it to the libraries listed below
Sorting:
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.☆289Updated last year
- ROP-based sleep obfuscation to evade memory scanners☆353Updated 3 months ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆675Updated last year
- Threadless Process Injection through entry point hijacking☆345Updated 8 months ago
- PoCs for Kernelmode rootkit techniques research.☆375Updated 4 months ago
- Dynamically invoke arbitrary unmanaged code☆343Updated 6 months ago
- Call stack spoofing for Rust☆335Updated 3 months ago
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.☆536Updated last month
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths☆338Updated 9 months ago
- TartarusGate, Bypassing EDRs☆585Updated 3 years ago
- C++ self-Injecting dropper based on various EDR evasion techniques.☆378Updated last year
- PoC Implementation of a fully dynamic call stack spoofer☆779Updated 10 months ago
- Process Injection using Thread Name☆272Updated last month
- Performing Indirect Clean Syscalls☆550Updated 2 years ago
- Sleep Obfuscation☆760Updated last year
- ☆542Updated last year
- ☆257Updated 2 years ago
- Shoggoth: Asmjit Based Polymorphic Encryptor☆731Updated last year
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer☆499Updated last year
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…☆637Updated 2 years ago
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.☆285Updated last year
- Rusty Injection - Shellcode Reflective DLL Injection (sRDI) in Rust (Codename: Venom)☆339Updated last year
- Collect Windows telemetry for Maldev☆352Updated 3 months ago
- A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…☆312Updated 7 months ago
- Some POCs for my BYOVD research and find some vulnerable drivers☆217Updated last week
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆684Updated 2 months ago
- Windows rootkit designed to work with BYOVD exploits☆198Updated 4 months ago
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆414Updated 10 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆342Updated 3 months ago
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also conta…☆392Updated 3 weeks ago