BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.
☆24Jul 5, 2023Updated 2 years ago
Alternatives and similar repositories for NerfDefender
Users that are interested in NerfDefender are comparing it to the libraries listed below
Sorting:
- ☆83Nov 1, 2023Updated 2 years ago
- C# loader that copies a chunk at the time of the shellcode in memory, rather that all at once☆23Jul 14, 2022Updated 3 years ago
- Automated (kinda) deployment of MalRDP infrastructure with Terraform & Ansible☆12Sep 15, 2023Updated 2 years ago
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆65Aug 23, 2023Updated 2 years ago
- Lockless BOF☆79May 2, 2025Updated 9 months ago
- Python C2 with JScript Implant☆15Nov 15, 2023Updated 2 years ago
- A VSCode plugin to assist with BOF development.☆37Aug 14, 2024Updated last year
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆63Mar 19, 2024Updated last year
- A VSCode devcontainer for development of COFF files with batteries included.☆50Jul 10, 2023Updated 2 years ago
- ☆17Jan 9, 2025Updated last year
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆57Apr 14, 2025Updated 10 months ago
- Parse SDDL strings☆37Apr 1, 2024Updated last year
- ☆24Feb 1, 2025Updated last year
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- ☆79Aug 2, 2023Updated 2 years ago
- Click Once + App Domain☆64Updated this week
- Splitting and executing shellcode across multiple pages☆103Jun 8, 2023Updated 2 years ago
- A simple BOF that disables some logging with NtSetInformationProcess☆13Oct 13, 2023Updated 2 years ago
- RunPE adapted for x64 and written in C, does not use RWX☆28May 18, 2024Updated last year
- A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host☆41Dec 8, 2023Updated 2 years ago
- ☆31Jul 26, 2024Updated last year
- Exploiting the KsecDD Windows driver through Server Silos☆76Nov 11, 2024Updated last year
- In-memory sleep encryption and heap encryption for Go applications through a shellcode function.☆40Jan 14, 2024Updated 2 years ago
- Fast Windows post-exploitation wins after initial access.☆29Jan 28, 2026Updated last month
- use python on windows with full submodule support without installation☆30Jan 23, 2025Updated last year
- A small go tool to upload JSON files to the BloodHound community edition API☆29May 29, 2024Updated last year
- Table of AD and Azure assets and whether they belong to Tier Zero☆26Sep 12, 2023Updated 2 years ago
- A small executable to trick a user to authenticate using code matching MFA☆68Oct 6, 2023Updated 2 years ago
- A python library to create BloodHound OpenGraphs☆53Feb 4, 2026Updated 3 weeks ago
- A C# port from Invoke-GhostTask☆120Jan 5, 2024Updated 2 years ago
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆30Jan 30, 2025Updated last year
- Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintai…☆76Oct 27, 2025Updated 4 months ago
- Steal/Inject Chrome cookies over the DevTools (--remote-debugging-port) protocol.☆114May 19, 2023Updated 2 years ago
- Self delete DLL (2)☆14Feb 15, 2024Updated 2 years ago
- Powershell and python utilties for Entra Connect☆28Jun 5, 2025Updated 8 months ago
- I have documented all of the AMSI patches that I learned till now☆74Nov 4, 2025Updated 3 months ago
- ☆74Jun 17, 2025Updated 8 months ago
- Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process☆49Mar 15, 2023Updated 2 years ago
- Request device ticket/token using the device's MSA☆38Aug 25, 2025Updated 6 months ago