EvilBytecode / Ntdll-Unhook

Related projects: ⓘ

• EvilBytecode / Nyx-Full-Dll-Unhook
  (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.
  ☆15Updated last month
• Offensive-Panda / D3MPSEC
  "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…
  ☆20Updated this week
• EvilGreys / xCommunityKit
  ☆14Updated this week
• zimnyaa / smbsocks
  A simple rpc2socks alternative in pure Go.
  ☆23Updated 2 months ago
• Offensive-Panda / WPM-MAJIC-ENTRY-POINT-INJECTION
  This exploit is utilising AddressOfEntryPoint of process which is RX and using WriteProcessMemory internal magic to change the permission…
  ☆12Updated last month
• MaorSabag / HollowMask
  Just another Process Injection using Process Hollowing technique.
  ☆16Updated last year
• decoder-it / DFSCoerce-exe-2
  DFSCoerce exe revisited version with custom authentication
  ☆34Updated 8 months ago
• KingOfTheNOPs / EnableWebDAVClient-BOF
  Cobalt Strike Beacon Object File to enable the webdav client service on x64 windows hosts
  ☆17Updated last year
• Idov31 / NidhoggCSharpApi
  C# API for Nidhogg rootkit
  ☆15Updated 4 months ago
• Faran-17 / EarlyBird-APC-Injection
  Demonstration of Early Bird APC Injection - MITRE ID T1055.004
  ☆30Updated 10 months ago
• Allevon412 / SyscallTempering
  ☆25Updated last month
• EspressoCake / DefenderPathExclusions
  Creation and removal of Defender path exclusions and exceptions in C#.
  ☆29Updated 10 months ago
• Mr-Un1k0d3r / BOFCode
  Bunch of BOF files
  ☆21Updated 7 months ago
• Uri3n / Advanced-TLS-Injection
  A direct improvement to remote TLS Injection.
  ☆15Updated 3 months ago
• rbmm / SC
  shell code example
  ☆10Updated 3 weeks ago
• Uri3n / lurch
  Command and Control
  ☆23Updated last month
• caueb / ThreadlessStompingKann
  Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.
  ☆32Updated 8 months ago
• gerbsec / SmokeyObfuscator
  Rewrite to fit my needs
  ☆25Updated last month
• OffenseTeacher / Steganim
  ☆47Updated last year
• EvilBytecode / PPID-Spoofing
  Parent Process ID Spoofing, coded in CGo.
  ☆21Updated 2 months ago
• redskal / SharpAzbelt
  .NET port of Leron Gray's azbelt tool.
  ☆26Updated 11 months ago
• Orange-Cyberdefense / EDRSnowblast
  This project is an EDRSandblast fork, adding some features and custom pieces of code.
  ☆18Updated 11 months ago
• Hagrid29 / BOF-CredUI
  Cobalt Strike Beacon Object File (BOF) that uses CredUIPromptForWindowsCredentials API to invoke credential prompt
  ☆18Updated last year
• rasta-mouse / KerbApp
  ☆27Updated 3 months ago
• pygrum / gimmick
  Section-based payload obfuscation technique for x64
  ☆59Updated last month
• G0ldenGunSec / DayBird
  Extension functionality for the NightHawk operator client
  ☆26Updated 10 months ago
• EvilGreys / XLL-DROPPER-
  ☆28Updated this week
• snovvcrash / RemoteRegSave
  A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host
  ☆37Updated 9 months ago
• fin3ss3g0d / IoDllProxyLoad
  DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly
  ☆50Updated 6 months ago
• ZephrFish / ADFSDump-PS
  PowerShell Implementation of ADFSDump to assist with GoldenSAML
  ☆31Updated 4 months ago