Elmofire / ef
Yet another obfuscated payload generator written in Rust!
☆13 Updated 2 years ago
Alternatives and similar repositories for ef
Users that are interested in ef are comparing it to the libraries listed below
- Using fibers to run in-memory code. ☆239 Updated 2 years ago
- Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST ☆195 Updated last year
- Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre) ☆259 Updated last year
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui… ☆230 Updated 10 months ago
- Slides & Code snippets for a workshop held @ x33fcon 2024 ☆277 Updated last year
- Hide shellcode by shuffling bytes into a random array and reconstruct at runtime ☆202 Updated 9 months ago
- Apply a divide and conquer approach to bypass EDRs ☆288 Updated 2 years ago
- A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and … ☆187 Updated 8 months ago
- Template-based shellcode packer written in Rust, with indirect syscall support. Made with <3 for pentesters. ☆312 Updated 6 months ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… ☆278 Updated last year
- Comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti… ☆211 Updated last year
- ☆240 Updated last year
- DLL proxying for lazy people ☆194 Updated last month
- Early cascade injection PoC based on Outflank's blog post ☆235 Updated last year
- Generate an obfuscated DLL that will disable AMSI & ETW ☆330 Updated last year
- Rust For Windows Cheatsheet ☆121 Updated last month
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework. ☆309 Updated 2 years ago
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course ☆205 Updated 2 years ago
- ☆290 Updated 2 years ago
- ☆161 Updated 6 months ago
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods ☆129 Updated 2 years ago
- Detect EDR's exceptions by inspecting processes' loaded modules ☆130 Updated last year
- A PoC for Early Cascade process injection technique. ☆204 Updated 11 months ago
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… ☆165 Updated last year
- Just another C2 Redirector using CloudFlare. Support multiple C2 and multiple domains. Support for websocket listener. ☆182 Updated 9 months ago
- Lateral Movement Using DCOM and DLL Hijacking ☆325 Updated 2 years ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution ☆194 Updated last year
- Various one-off pentesting projects written in Nim. Updates happen on a whim. ☆161 Updated 5 months ago
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks. ☆202 Updated 2 years ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆364 Updated 10 months ago