EvilBytecode / GetSyscallStubGo

Related projects ⓘ

Alternatives and complementary repositories for GetSyscallStubGo

• EvilBytecode / Evilbytecode-Anti-VM
  Measures average CPU cycles for the CPUID instruction to detect if the code is running in a VM by comparing against a threshold.
  ☆18Updated 3 months ago
• EvilBytecode / Nyx-Full-Dll-Unhook
  (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.
  ☆16Updated 3 months ago
• EvilBytecode / SsnRetrieval
  Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…
  ☆9Updated 3 months ago
• EvilBytecode / ThunderKitty-Ransomware
  Ransomware written in go, encrypt - decrypt.
  ☆15Updated 4 months ago
• EvilBytecode / Ntdll-Unhook
  Unhook Ntdll.dll, Go & C++.
  ☆14Updated 4 months ago
• cbrnrd / maliketh
  🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python
  ☆40Updated 8 months ago
• Idov31 / NidhoggCSharpApi
  C# API for Nidhogg rootkit
  ☆16Updated 6 months ago
• Teach2Breach / dll2shell
  convert compatible dlls to shellcode with sRDI. I don't remember where this came from, so if you recognize the code, let me know and I'll…
  ☆12Updated 7 months ago
• EvilBytecode / PPID-Spoofing
  Parent Process ID Spoofing, coded in CGo.
  ☆21Updated 4 months ago
• Offensive-Panda / D3MPSEC
  "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…
  ☆22Updated 2 months ago
• Uri3n / Advanced-TLS-Injection
  Threadless injection via TLS callbacks
  ☆15Updated this week
• Meowmycks / etwunhook
  Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.
  ☆42Updated 8 months ago
• EspressoCake / DefenderPathExclusions
  Creation and removal of Defender path exclusions and exceptions in C#.
  ☆30Updated last year
• Faran-17 / EarlyBird-APC-Injection
  Demonstration of Early Bird APC Injection - MITRE ID T1055.004
  ☆30Updated last year
• Orange-Cyberdefense / EDRSnowblast
  This project is an EDRSandblast fork, adding some features and custom pieces of code.
  ☆21Updated last year
• b4rth0v5k1 / EarlyBirdNTDLL
  ☆34Updated last year
• Crowdfense / CVE-2024-21338
  Windows AppLocker Driver (appid.sys) LPE
  ☆36Updated 3 months ago
• keowu / InstrumentationCallbackToolKit
  A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using Instrumentation…
  ☆22Updated last year
• pygrum / gimmick
  Section-based payload obfuscation technique for x64
  ☆58Updated 3 months ago
• tykawaii98 / CVE-2024-21338_PoC
  ☆39Updated 4 months ago
• zimnyaa / smbsocks
  A simple rpc2socks alternative in pure Go.
  ☆24Updated 4 months ago
• AlSch092 / HideStaticReferences
  Research into removing strings & API call references at compile-time (Anti-Analysis)
  ☆24Updated 5 months ago
• Cracked5pider / kaine-assembly
  a demo module for the kaine agent to execute and inject assembly modules
  ☆37Updated 2 months ago
• Teach2Breach / noldr
  Dynamically resolve API function addresses at runtime in a secure manner.
  ☆46Updated last month
• farinap5 / bitmap4shell
  A (quite) simple steganography algorithm to hide shellcodes within bitmap image.
  ☆21Updated 6 months ago
• rbmm / RtlClone
  ☆27Updated 4 months ago
• NtDallas / Fenrir
  stack spoofing
  ☆53Updated this week
• Cracked5pider / eop24-26229
  A firebeam plugin that exploits the CVE-2024-26229 vulnerability to perform elevation of privilege from a unprivileged user
  ☆34Updated 3 months ago
• HulkOperator / AuthStager
  ☆37Updated 3 weeks ago