EvilBytecode / Evilbytecode-Anti-VM
Measures average CPU cycles for the CPUID instruction to detect if the code is running in a VM by comparing against a threshold.
☆16Updated last month
Related projects: ⓘ
- GetSyscallStubCGo.☆8Updated last month
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.☆15Updated last month
- Unhook Ntdll.dll, Go & C++.☆11Updated 2 months ago
- Ransomware written in go, encrypt - decrypt.☆15Updated 2 months ago
- ☆38Updated 2 months ago
- C# API for Nidhogg rootkit☆15Updated 4 months ago
- A malicous Golang Package☆10Updated 2 months ago
- Change hash for a signed pe☆15Updated last year
- ☆13Updated last month
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python☆36Updated 6 months ago
- CVE-2024-41570: Havoc C2 0.7 Teamserver SSRF exploit☆34Updated last week
- Adobe Reader DC Information Leak Exploit☆21Updated last year
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…☆20Updated this week
- ☆33Updated 2 months ago
- ☆23Updated 4 months ago
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆34Updated 9 months ago
- A (quite) simple steganography algorithm to hide shellcodes within bitmap image.☆19Updated 4 months ago
- Detect WFP filters blocking EDR communications☆49Updated 8 months ago
- Near compile-time string obfuscation for Golang☆13Updated 11 months ago
- Demonstration of Early Bird APC Injection - MITRE ID T1055.004☆30Updated 10 months ago
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆41Updated 6 months ago
- Plantronics Desktop Hub LPE☆30Updated 4 months ago
- Parent Process ID Spoofing, coded in CGo.☆21Updated 2 months ago
- A simple rpc2socks alternative in pure Go.☆23Updated 2 months ago
- ☆37Updated 8 months ago
- A firebeam plugin that exploits the CVE-2024-26229 vulnerability to perform elevation of privilege from a unprivileged user☆30Updated last month
- Ntdll Unhooking POC☆19Updated 2 years ago
- A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation☆30Updated 5 months ago
- Windows AppLocker Driver (appid.sys) LPE☆30Updated last month
- A utility that can be used to launch an executable with a DLL injected☆19Updated 10 months ago