Hagrid29 / RemotePatcherLinks
Patch AMSI and ETW in remote process via direct syscall
☆83Updated 3 years ago
Alternatives and similar repositories for RemotePatcher
Users that are interested in RemotePatcher are comparing it to the libraries listed below
Sorting:
- ☆118Updated 2 years ago
- ☆123Updated 2 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆138Updated 3 years ago
- ☆137Updated 2 years ago
- TypeLib persistence technique☆135Updated last year
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆69Updated last year
- Halos Gate-based NTAPI Unhooker☆51Updated 3 years ago
- A nice process dumping tool☆81Updated 3 years ago
- The code is a pingback to the Dark Vortex blog:☆180Updated 2 years ago
- Get your data from the resource section manually, with no need for windows apis☆65Updated last year
- Malware?☆74Updated last year
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆120Updated 2 years ago
- ☆122Updated 2 years ago
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms☆132Updated 2 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆124Updated 2 years ago
- Implant drop-in for EDR testing☆145Updated last year
- C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub.☆110Updated 2 years ago
- ☆50Updated 3 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆197Updated last year
- ☆151Updated 2 years ago
- Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes☆108Updated 2 years ago
- Beacon Object File allowing creation of Beacons in different sessions.☆80Updated 3 years ago
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆85Updated 2 years ago
- I have documented all of the AMSI patches that I learned till now☆74Updated 7 months ago
- Building and Executing Position Independent Shellcode from Object Files in Memory☆161Updated 4 years ago
- A small NtCreateUserProcess PoC that spawns a Command prompt.☆100Updated 3 years ago
- bring your own vulnerable driver☆111Updated 2 years ago
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆177Updated 2 years ago
- ☆129Updated last year
- abusing Process Hacker driver to terminate other processes (BYOVD)☆84Updated 2 years ago