Hagrid29 / RemotePatcherLinks
Patch AMSI and ETW in remote process via direct syscall
☆83Updated 3 years ago
Alternatives and similar repositories for RemotePatcher
Users that are interested in RemotePatcher are comparing it to the libraries listed below
Sorting:
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆138Updated 2 years ago
- ☆137Updated 2 years ago
- ☆122Updated 2 years ago
- ☆114Updated 2 years ago
- The code is a pingback to the Dark Vortex blog:☆181Updated 2 years ago
- TypeLib persistence technique☆127Updated 10 months ago
- ☆50Updated 3 years ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆69Updated last year
- ☆124Updated last year
- bring your own vulnerable driver☆110Updated 2 years ago
- Implant drop-in for EDR testing☆142Updated last year
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆124Updated 2 years ago
- Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes☆108Updated 2 years ago
- Malware?☆74Updated 10 months ago
- Halos Gate-based NTAPI Unhooker☆51Updated 3 years ago
- A nice process dumping tool☆82Updated 3 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆198Updated last year
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆121Updated 2 years ago
- Get your data from the resource section manually, with no need for windows apis☆64Updated 10 months ago
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms☆130Updated 2 years ago
- Do some DLL SideLoading magic☆86Updated last year
- Identify and exploit leaked handles for local privilege escalation.☆109Updated 2 years ago
- Encode shellcode into dictionary words for evasion and entropy reduction☆27Updated 9 months ago
- ☆152Updated last year
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆174Updated 2 years ago
- Simple BOF to read the protection level of a process☆118Updated 2 years ago
- Splitting and executing shellcode across multiple pages☆101Updated 2 years ago
- Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality.☆147Updated 3 years ago
- An App Domain Manager Injection DLL PoC on steroids☆175Updated last year
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆84Updated 2 years ago