EvilBytecode / RubyRedOpsLinks
π | RubyRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Ruby
β10Updated 8 months ago
Alternatives and similar repositories for RubyRedOps
Users that are interested in RubyRedOps are comparing it to the libraries listed below
Sorting:
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsassβ165Updated 3 months ago
- A fucking real shellcode loader with a GUI. Work-in-Progress.β81Updated 6 months ago
- Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooksβ133Updated last year
- BOF with Synthetic Stackframeβ204Updated 2 months ago
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dllβ135Updated 8 months ago
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniquesβ89Updated 4 months ago
- A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpointsβ119Updated 5 months ago
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, pβ¦β191Updated last month
- Shellcode loaderβ97Updated last year
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.β50Updated 7 months ago
- Early Bird Cryo Injections β APC-based DLL & Shellcode Injection via Pre-Frozen Job Objectsβ132Updated 8 months ago
- β139Updated last month
- PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified β¦β15Updated 7 months ago
- Dumping App Bound Protected Credentials & Cookies Without Privileges.β166Updated 7 months ago
- A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+Sβ¦β98Updated last week
- A Mythic agent for Windows written in Cβ144Updated this week
- Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible iβ¦β57Updated 8 months ago
- Threadless shellcode injection toolβ67Updated last year
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)β195Updated 10 months ago
- γβ οΈγPerforming a BYOVD on the truesight.sys driverβ44Updated last year
- Good CLR Host with Native patchless AMSI Bypassβ97Updated 8 months ago
- A mutliple tactics to execute shellcode in go :}β23Updated 8 months ago
- Generate an Alphabetical Polymorphic Shellcodeβ133Updated 4 months ago
- Two in one, patch lifetime powershell console, no more etw and amsi!β100Updated 8 months ago
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.β127Updated last year
- Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasionβ100Updated 5 months ago
- template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.β95Updated 3 weeks ago
- Python and BOF utilites to the determine EPA enforcement levels of popular NTLM relay targets from the offensive perspectiveβ160Updated 3 weeks ago
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.β100Updated last year
- β121Updated 11 months ago