BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.
☆25Jul 5, 2023Updated 2 years ago
Alternatives and similar repositories for NerfDefender
Users that are interested in NerfDefender are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆83Nov 1, 2023Updated 2 years ago
- Automated (kinda) deployment of MalRDP infrastructure with Terraform & Ansible☆12Sep 15, 2023Updated 2 years ago
- C# loader that copies a chunk at the time of the shellcode in memory, rather that all at once☆23Jul 14, 2022Updated 3 years ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆66Mar 19, 2024Updated 2 years ago
- RunPE adapted for x64 and written in C, does not use RWX☆28May 18, 2024Updated last year
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- Click Once + App Domain☆67Feb 23, 2026Updated last month
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- Lockless BOF☆79May 2, 2025Updated 11 months ago
- Powershell and python utilties for Entra Connect☆29Jun 5, 2025Updated 10 months ago
- A VSCode plugin to assist with BOF development.☆37Aug 14, 2024Updated last year
- Python C2 with JScript Implant☆15Nov 15, 2023Updated 2 years ago
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆65Aug 23, 2023Updated 2 years ago
- ☆17Jan 9, 2025Updated last year
- A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host☆41Dec 8, 2023Updated 2 years ago
- NordVPN Threat Protection Pro™ • AdTake your cybersecurity to the next level. Block phishing, malware, trackers, and ads. Lightweight app that works with all browsers.
- A VSCode devcontainer for development of COFF files with batteries included.☆50Jul 10, 2023Updated 2 years ago
- Parse SDDL strings☆37Apr 1, 2024Updated 2 years ago
- ☆24Feb 1, 2025Updated last year
- Self delete DLL (2)☆14Feb 15, 2024Updated 2 years ago
- In-memory sleep encryption and heap encryption for Go applications through a shellcode function.☆40Jan 14, 2024Updated 2 years ago
- Splitting and executing shellcode across multiple pages☆104Jun 8, 2023Updated 2 years ago
- A C# port from Invoke-GhostTask☆120Jan 5, 2024Updated 2 years ago
- reflectively load and execute PEs locally and remotely bypassing EDR hooks☆166Jan 4, 2024Updated 2 years ago
- A small go tool to upload JSON files to the BloodHound community edition API☆32May 29, 2024Updated last year
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- ☆79Aug 2, 2023Updated 2 years ago
- ☆31Jul 26, 2024Updated last year
- Fast Windows post-exploitation wins after initial access.☆29Jan 28, 2026Updated 2 months ago
- I have documented all of the AMSI patches that I learned till now☆73Nov 4, 2025Updated 5 months ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintai…☆79Oct 27, 2025Updated 5 months ago
- PoC-Malware-TTPs☆48Mar 26, 2023Updated 3 years ago
- reboot of https://github.com/Genetic-Malware/Ebowla in order to simplify / modernize the codebase and provide ongoing support☆23Sep 15, 2021Updated 4 years ago
- use python on windows with full submodule support without installation☆30Jan 23, 2025Updated last year
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆57Apr 14, 2025Updated 11 months ago
- A small executable to trick a user to authenticate using code matching MFA☆68Oct 6, 2023Updated 2 years ago
- Exploiting the KsecDD Windows driver through Server Silos☆77Nov 11, 2024Updated last year
- A simple BOF that disables some logging with NtSetInformationProcess☆14Oct 13, 2023Updated 2 years ago
- ☆75Jun 17, 2025Updated 9 months ago
- Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE☆205Aug 25, 2023Updated 2 years ago
- Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process☆49Mar 15, 2023Updated 3 years ago