EvilBytecode / NoMoreStealers
NoMoreStealers is a Windows file system minifilter driver that protects sensitive user data from untrusted processes.
☆86 Updated last month
Alternatives and similar repositories for NoMoreStealers
Users who are interested in NoMoreStealers are comparing it to the libraries listed below.
- LibWinHttp is a simplified WinHTTP wrapper designed as a Crystal Palace shared library for implant development. Its primary purpose is to… ☆41 Updated last month
- Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks, patchless hooking library IAT/EAT. ☆72 Updated last week
- Bypasses AMSI protection through remote memory patching and parsing technique. ☆54 Updated 7 months ago
- Comprehensive Windows Syscall Extraction & Analysis Framework ☆155 Updated 3 months ago
- A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress. ☆74 Updated last year
- T-1 is a shellcode loader that leverages ML techniques to detect VM environments ☆35 Updated last year
- .NET tool used to enrich RPC telemetry ☆101 Updated 6 months ago
- Troll TaskManager, and play with it. ☆29 Updated 4 months ago
- Obfuscating function calls using Vectored Exception Handlers by redirecting execution through exception-based control flow. Uses byte swa… ☆106 Updated last month
- UAC Bypass using CMSTP in Rust ☆33 Updated last year
- A unique introduction to native runtime obfuscation. ☆74 Updated 9 months ago
- Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a… ☆92 Updated 5 months ago
- A 64 bit executable junk code engine for polymorphic malware. ☆73 Updated 6 months ago
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH ☆132 Updated 3 months ago
- Windows AppLocker Driver (appid.sys) LPE ☆69 Updated last year
- A tool to interact with Windows drivers to perform a raw disk read and parse out target files without calling standard Windows file APIs ☆98 Updated 3 months ago
- Prevent in-process process termination by patching exit APIs ☆62 Updated last month
- ☆34 Updated last year
- shell code example ☆63 Updated last month
- Indirect Syscall implementation to bypass userland NTAPIs hooking. ☆83 Updated last year
- Detection of indirect syscall techniques using hardware breakpoints and vectored exception handling. ☆51 Updated last month
- BYOVD Technique Example using viragt64 driver ☆64 Updated last year
- Windows Protected Process Light toggle tool — dynamically finds offsets and patches EPROCESS using RTCore64 ☆62 Updated 7 months ago
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code. ☆132 Updated 8 months ago
- Commandline spoofing on Windows ☆78 Updated 3 weeks ago
- Reports on Driver, LSASS and other security services mitigations ☆32 Updated 3 months ago
- A slightly more fun way to disable windows defender ☆49 Updated 7 months ago
- Decrypting yandex browser passwords ☆28 Updated 8 months ago
- Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies ☆49 Updated 5 months ago
- KVC enables unsigned driver loading via DSE bypass (g_CiOptions patch, skci.dll hijack, SeCiCallbacks redirection) and PP/PPL manipulatio… ☆129 Updated 2 weeks ago