EvilBytecode / Evilbytecode-Anti-VM
Measures average CPU cycles for the CPUID instruction to detect if the code is running in a VM by comparing against a threshold.
☆20 · Updated 7 months ago
Alternatives and similar repositories for Evilbytecode-Anti-VM:
Users who are interested in Evilbytecode-Anti-VM are comparing it to the libraries listed below:
- GetSyscallStubCGo. ☆10 · Updated 7 months ago
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll. ☆19 · Updated 8 months ago
- shellcode loader that uses indirect syscalls written in D Lang The loader bypasses user-mode hooks by resolving system calls manually fro… ☆9 · Updated 6 months ago
- Near compile-time string obfuscation for Golang ☆13 · Updated last year
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,… ☆11 · Updated 7 months ago
- A fucking real shellcode loader with a GUI. Work-in-Progress. ☆70 · Updated 2 months ago
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python ☆44 · Updated last year
- Change hash for a signed pe ☆16 · Updated last year
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler. ☆30 · Updated 9 months ago
- Some anti-sandbox techniques implemented in Golang. ☆10 · Updated last year
- Ransomware written in go, encrypt - decrypt. ☆20 · Updated 9 months ago
- C# API for Nidhogg rootkit ☆17 · Updated 11 months ago
- extract chromium-based browser's cookies using chrome's remote debugging without admin rights ☆21 · Updated 5 months ago
- a demo module for the kaine agent to execute and inject assembly modules ☆38 · Updated 7 months ago
- Unhook Ntdll.dll, Go & C++. ☆21 · Updated 8 months ago
- BYOVD collection ☆23 · Updated last year
- ☆39 · Updated 9 months ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles. ☆62 · Updated last year
- A C# tool with more flexibility to customize scheduled task for both persistence and lateral movement in red team operation ☆16 · Updated 3 months ago
- Parent Process ID Spoofing, coded in CGo. ☆22 · Updated 9 months ago
- Enable-All-Tokens is a Go-based project designed to adjust and enable a list of specified privileges for the current process token on a W… ☆10 · Updated 8 months ago
- Windows C++ Implant for Exploration C2 ☆29 · Updated 2 weeks ago
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader ☆44 · Updated last year
- UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now. ☆46 · Updated 10 months ago
- Encode shellcode into dictionary words for evasion and entropy reduction ☆25 · Updated 4 months ago
- A COFF Loader written in Rust ☆63 · Updated this week
- ☆53 · Updated 2 months ago
- A Rust version of Mirage, a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1. ☆31 · Updated 3 weeks ago
- reverse engineering random malwares ☆20 · Updated 2 months ago
- Exploiting the KsecDD Windows driver through Server Silos ☆51 · Updated 4 months ago