A lightweight tool that injects a custom assembly proxy into a target process to silently bypass ETW scanning by redirecting ETW calls to a custom proxy.
☆45 · Jun 1, 2025 · Updated 8 months ago
Alternatives and similar repositories for Ebyte-ETW-Redirector
Users that are interested in Ebyte-ETW-Redirector are comparing it to the libraries listed below
- Bypasses AMSI protection through remote memory patching and parsing technique. ☆54 · May 12, 2025 · Updated 9 months ago
- Pattern-based AMSI bypass that patches AMSI.dll in memory by modifying comparison values, conditional jumps, and function prologues to ne… ☆27 · May 13, 2025 · Updated 9 months ago
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuf… ☆62 · May 16, 2025 · Updated 9 months ago
- PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified … ☆19 · May 8, 2025 · Updated 9 months ago
- Stealthy x64 thread manipulation library for calling functions inside target processes without creating remote threads or installing hook… ☆59 · Oct 10, 2025 · Updated 4 months ago
- Multiple tactics to execute shellcode in Go :} ☆23 · Apr 21, 2025 · Updated 10 months ago
- Reflective shellcode loader with advanced call stack spoofing and .NET support. ☆226 · Sep 19, 2025 · Updated 5 months ago
- Two in one, patch lifetime powershell console, no more etw and amsi! ☆103 · Apr 27, 2025 · Updated 10 months ago
- Obex – Blocking unwanted DLLs in user mode ☆281 · Sep 18, 2025 · Updated 5 months ago
- DLL Hijacking Detection Tool ☆16 · Jun 21, 2025 · Updated 8 months ago
- Shellcode Loader Implementing Indirect Dynamic Syscall, API Hashing, Fileless Shellcode retrieving using Winsock2 ☆13 · Jul 15, 2023 · Updated 2 years ago
- custom impacket mssqlclient ☆26 · Sep 16, 2023 · Updated 2 years ago
- Boilerplate to develop raw and truly Position Independent Code (PIC). ☆117 · Jan 20, 2025 · Updated last year
- load shellcode without P/D Invoke and VirtualProtect call. ☆167 · Sep 2, 2025 · Updated 5 months ago
- Code execution/injection technique using DLL PEB module structure manipulation ☆221 · Jun 4, 2025 · Updated 8 months ago
- Remote DLL Injection with Timer-based Shellcode Execution ☆154 · Jul 18, 2025 · Updated 7 months ago
- That's it! An Open-Source Windows UEFI Rootkit ☆28 · Jul 19, 2025 · Updated 7 months ago
- demo unhooking functions in ntdll ☆28 · Jul 15, 2025 · Updated 7 months ago
- Dynamic Indirect Syscalls via JOP/ROP in Pure no_std, no_alloc, no dependency Rust ☆43 · Aug 6, 2025 · Updated 6 months ago
- hack3270 is a python3 based tool to manipulate tn3270 data streams, specifically to perform application penetration testing of mainframe … ☆24 · Feb 21, 2026 · Updated last week
- Troll TaskManager, and play with it. ☆30 · Aug 3, 2025 · Updated 6 months ago
- How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function. ☆25 · Apr 21, 2025 · Updated 10 months ago
- Obfuscate payloads using IPv4, IPv6, MAC or UUID strings ☆23 · Feb 17, 2024 · Updated 2 years ago
- Swiss Army Knife for payload encryption, obfuscation, and conversion to byte arrays – all in a single command (14 output formats supporte… ☆211 · Sep 20, 2025 · Updated 5 months ago
- Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET ☆50 · May 5, 2025 · Updated 9 months ago
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader. ☆281 · Apr 6, 2025 · Updated 10 months ago
- rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption. ☆17 · Jan 6, 2024 · Updated 2 years ago
- Windows Access token manipulation tool made in C# ☆24 · Aug 24, 2025 · Updated 6 months ago
- Ghosting-AMSI ☆18 · Apr 30, 2025 · Updated 10 months ago
- DnsClientX is an async C# library for DNS over UDP, TCP, HTTPS (DoH), and TLS (DoT). It also has a PowerShell module that can be used to … ☆23 · Feb 19, 2026 · Updated last week
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll. ☆51 · May 22, 2025 · Updated 9 months ago
- Power Automate C2 (PAC2) : Stealth living-off-the-cloud C2 framework. ☆36 · Apr 16, 2024 · Updated last year
- One-header configurable C++20 COFF loader ☆21 · Jul 21, 2025 · Updated 7 months ago
- Headers for linking your software with ntdll.dll ☆15 · Nov 4, 2020 · Updated 5 years ago
- Simple Project that Extracts PE Information. ☆21 · Apr 4, 2025 · Updated 10 months ago
- A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial … ☆50 · Jan 25, 2025 · Updated last year