EvilBytecode / Evilbytecode-Anti-VM
Measures average CPU cycles for the CPUID instruction to detect if the code is running in a VM by comparing against a threshold.
☆18Updated 3 months ago
Related projects ⓘ
Alternatives and complementary repositories for Evilbytecode-Anti-VM
- GetSyscallStubCGo.☆9Updated 3 months ago
- Ransomware written in go, encrypt - decrypt.☆15Updated 4 months ago
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.☆16Updated 3 months ago
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…☆9Updated 3 months ago
- C# API for Nidhogg rootkit☆16Updated 6 months ago
- ☆39Updated 4 months ago
- A (quite) simple steganography algorithm to hide shellcodes within bitmap image.☆21Updated 6 months ago
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python☆40Updated 8 months ago
- Change hash for a signed pe☆15Updated last year
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…☆22Updated 2 months ago
- Unhook Ntdll.dll, Go & C++.☆14Updated 4 months ago
- extract chromium-based browser's cookies using chrome's remote debugging without admin rights☆18Updated 2 weeks ago
- convert compatible dlls to shellcode with sRDI. I don't remember where this came from, so if you recognize the code, let me know and I'll…☆12Updated 7 months ago
- This project is an EDRSandblast fork, adding some features and custom pieces of code.☆21Updated last year
- Indirect NT syscalls LSASS dumper.☆36Updated last year
- A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using Instrumentation…☆22Updated last year
- Research into WinSxS binaries and finding hijackable paths☆23Updated 6 months ago
- ☆33Updated 4 months ago
- Demonstration of Early Bird APC Injection - MITRE ID T1055.004☆30Updated last year
- Research into removing strings & API call references at compile-time (Anti-Analysis)☆24Updated 5 months ago
- Parent Process ID Spoofing, coded in CGo.☆21Updated 4 months ago
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆39Updated 11 months ago
- Create Anti-Copy DRM Malware☆46Updated 3 months ago
- Persistence via Shell Extensions☆62Updated last year
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆55Updated last year
- Section-based payload obfuscation technique for x64☆58Updated 3 months ago
- stack spoofing☆53Updated this week
- ☆21Updated 6 months ago
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆42Updated 8 months ago
- A simple rpc2socks alternative in pure Go.☆24Updated 4 months ago