BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.
☆24Jul 5, 2023Updated 2 years ago
Alternatives and similar repositories for NerfDefender
Users that are interested in NerfDefender are comparing it to the libraries listed below
Sorting:
- ☆83Nov 1, 2023Updated 2 years ago
- Automated (kinda) deployment of MalRDP infrastructure with Terraform & Ansible☆12Sep 15, 2023Updated 2 years ago
- C# loader that copies a chunk at the time of the shellcode in memory, rather that all at once☆23Jul 14, 2022Updated 3 years ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆65Mar 19, 2024Updated 2 years ago
- RunPE adapted for x64 and written in C, does not use RWX☆28May 18, 2024Updated last year
- Click Once + App Domain☆67Feb 23, 2026Updated 3 weeks ago
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- Lockless BOF☆79May 2, 2025Updated 10 months ago
- Powershell and python utilties for Entra Connect☆29Jun 5, 2025Updated 9 months ago
- A VSCode plugin to assist with BOF development.☆37Aug 14, 2024Updated last year
- Python C2 with JScript Implant☆15Nov 15, 2023Updated 2 years ago
- ☆17Jan 9, 2025Updated last year
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆65Aug 23, 2023Updated 2 years ago
- A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host☆41Dec 8, 2023Updated 2 years ago
- A VSCode devcontainer for development of COFF files with batteries included.☆50Jul 10, 2023Updated 2 years ago
- Parse SDDL strings☆37Apr 1, 2024Updated last year
- ☆24Feb 1, 2025Updated last year
- Self delete DLL (2)☆14Feb 15, 2024Updated 2 years ago
- Splitting and executing shellcode across multiple pages☆103Jun 8, 2023Updated 2 years ago
- In-memory sleep encryption and heap encryption for Go applications through a shellcode function.☆40Jan 14, 2024Updated 2 years ago
- A C# port from Invoke-GhostTask☆120Jan 5, 2024Updated 2 years ago
- reflectively load and execute PEs locally and remotely bypassing EDR hooks☆164Jan 4, 2024Updated 2 years ago
- A small go tool to upload JSON files to the BloodHound community edition API☆31May 29, 2024Updated last year
- ☆79Aug 2, 2023Updated 2 years ago
- ☆31Jul 26, 2024Updated last year
- I have documented all of the AMSI patches that I learned till now☆73Nov 4, 2025Updated 4 months ago
- Fast Windows post-exploitation wins after initial access.☆29Jan 28, 2026Updated last month
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintai…☆78Oct 27, 2025Updated 4 months ago
- PoC-Malware-TTPs☆48Mar 26, 2023Updated 2 years ago
- reboot of https://github.com/Genetic-Malware/Ebowla in order to simplify / modernize the codebase and provide ongoing support☆23Sep 15, 2021Updated 4 years ago
- use python on windows with full submodule support without installation☆30Jan 23, 2025Updated last year
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆57Apr 14, 2025Updated 11 months ago
- A small executable to trick a user to authenticate using code matching MFA☆68Oct 6, 2023Updated 2 years ago
- A simple BOF that disables some logging with NtSetInformationProcess☆14Oct 13, 2023Updated 2 years ago
- Exploiting the KsecDD Windows driver through Server Silos☆77Nov 11, 2024Updated last year
- ☆74Jun 17, 2025Updated 9 months ago
- Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE☆205Aug 25, 2023Updated 2 years ago
- Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process☆49Mar 15, 2023Updated 3 years ago