EvilBytecode / Evilbytecode-Anti-VMLinks
Measures average CPU cycles for the CPUID instruction to detect if the code is running in a VM by comparing against a threshold.
β21Updated 3 months ago
Alternatives and similar repositories for Evilbytecode-Anti-VM
Users that are interested in Evilbytecode-Anti-VM are comparing it to the libraries listed below
Sorting:
- π | RubyRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Rubyβ10Updated 3 months ago
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.β38Updated 2 months ago
- Kill malawarebytes process. Can be ported to any programming language.β11Updated 3 months ago
- How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function.β21Updated 3 months ago
- A fucking real shellcode loader with a GUI. Work-in-Progress.β75Updated last month
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each functionβs name,β¦β12Updated 3 months ago
- A mutliple tactics to execute shellcode in go :}β21Updated 3 months ago
- Ntdll Unhookingβ13Updated 3 months ago
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBufβ¦β46Updated 2 months ago
- Dumping App Bound Protected Credentials & Cookies Without Privileges.β59Updated 2 months ago
- Go Shellcode Loader to be Integrated in Exploration C2β27Updated 6 months ago
- Enable-All-Tokens is a Go-based project designed to adjust and enable a list of specified privileges for the current process token on a Wβ¦β10Updated 3 months ago
- Troll TaskManager, and play with it .β23Updated this week
- Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when β¦β85Updated 2 years ago
- π‘οΈ A multi-user malleable C2 framework targeting Windows. Written in C++ and Pythonβ45Updated last year
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentialsβ54Updated 2 months ago
- β39Updated last year
- NailaoLoader: Hiding Execution Flow via Patchingβ20Updated 5 months ago
- A C# implementation that disables Windows Firewall bypassing UACβ15Updated 9 months ago
- Execute shellcode via Bluetooth device authenticationβ40Updated 5 months ago
- A firebeam plugin that exploits the CVE-2024-26229 vulnerability to perform elevation of privilege from a unprivileged userβ41Updated 11 months ago
- find dll base addresses without PEB WALKβ138Updated 3 weeks ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.β64Updated 2 years ago
- Implementation of Indirect Syscall technique to pop a calc.exeβ105Updated last year
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".β86Updated 2 years ago
- A COFF Loader written in Rustβ118Updated 2 weeks ago
- Windows C++ Implant for Exploration C2β38Updated 2 months ago
- Shellcode Loader Utilizing ETW Eventsβ64Updated 5 months ago
- A malicous Golang Packageβ14Updated 3 months ago
- A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strikeβ135Updated last week