EvilBytecode / Evilbytecode-Anti-VM
Measures average CPU cycles for the CPUID instruction to detect if the code is running in a VM by comparing against a threshold.
☆21Updated 3 weeks ago
Alternatives and similar repositories for Evilbytecode-Anti-VM
Users that are interested in Evilbytecode-Anti-VM are comparing it to the libraries listed below
Sorting:
- Kill malawarebytes process. Can be ported to any programming language.☆9Updated 3 weeks ago
- GetSyscallStubCGo.☆10Updated 3 weeks ago
- 💎 | RubyRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Ruby☆10Updated 3 weeks ago
- Near compile-time string obfuscation for Golang☆13Updated last year
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python☆44Updated last year
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…☆12Updated 3 weeks ago
- Ntdll Unhooking☆12Updated 3 weeks ago
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…☆21Updated 3 weeks ago
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.☆30Updated 3 weeks ago
- How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function.☆17Updated 3 weeks ago
- Change hash for a signed pe☆16Updated last year
- PoC for the Untrusted Pointer Dereference in the appid.sys driver☆16Updated last year
- Eset-Unload is a C++ tool that interacts with a process's loaded modules to identify and unload the ebehmoni.dll module, typically found …☆10Updated 3 weeks ago
- reverse engineering random malwares☆23Updated 3 months ago
- Unhook Ntdll.dll, Go & C++.☆22Updated 3 weeks ago
- Ransomware written in go, encrypt - decrypt.☆20Updated 2 weeks ago
- C# API for Nidhogg rootkit☆17Updated last year
- Bypasses AMSI protection through remote memory patching and parsing technique.☆37Updated this week
- A (quite) simple steganography algorithm to hide shellcodes within bitmap image.☆21Updated last year
- Parent Process ID Spoofing, coded in CGo.☆21Updated 3 weeks ago
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.☆31Updated 10 months ago
- ☆24Updated 6 months ago
- ☆39Updated 10 months ago
- ☆38Updated 2 months ago
- NailaoLoader: Hiding Execution Flow via Patching☆20Updated 2 months ago
- Detect BypassUAC using AMSI☆23Updated 2 months ago
- Research into removing strings & API call references at compile-time (Anti-Analysis)☆25Updated 11 months ago
- 32 bit process inject shellcode to 32 bit process and 64 bit process☆32Updated 2 years ago
- Exploiting the KsecDD Windows driver through Server Silos☆70Updated 6 months ago
- Windows C++ Implant for Exploration C2☆29Updated last month