BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.
☆25Jul 5, 2023Updated 2 years ago
Alternatives and similar repositories for NerfDefender
Users that are interested in NerfDefender are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆83Nov 1, 2023Updated 2 years ago
- Automated (kinda) deployment of MalRDP infrastructure with Terraform & Ansible☆12Sep 15, 2023Updated 2 years ago
- C# loader that copies a chunk at the time of the shellcode in memory, rather that all at once☆23Jul 14, 2022Updated 3 years ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆66Mar 19, 2024Updated 2 years ago
- RunPE adapted for x64 and written in C, does not use RWX☆28May 18, 2024Updated last year
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Click Once + App Domain☆67Feb 23, 2026Updated 2 months ago
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- Lockless BOF☆79May 2, 2025Updated 11 months ago
- Powershell and python utilties for Entra Connect☆29Jun 5, 2025Updated 10 months ago
- A VSCode plugin to assist with BOF development.☆37Aug 14, 2024Updated last year
- Python C2 with JScript Implant☆15Nov 15, 2023Updated 2 years ago
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆65Aug 23, 2023Updated 2 years ago
- ☆16Jan 9, 2025Updated last year
- A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host☆41Dec 8, 2023Updated 2 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- A VSCode devcontainer for development of COFF files with batteries included.☆50Jul 10, 2023Updated 2 years ago
- Parse SDDL strings☆37Apr 1, 2024Updated 2 years ago
- ☆24Feb 1, 2025Updated last year
- Self delete DLL (2)☆14Feb 15, 2024Updated 2 years ago
- In-memory sleep encryption and heap encryption for Go applications through a shellcode function.☆40Jan 14, 2024Updated 2 years ago
- Splitting and executing shellcode across multiple pages☆104Jun 8, 2023Updated 2 years ago
- A C# port from Invoke-GhostTask☆120Jan 5, 2024Updated 2 years ago
- reflectively load and execute PEs locally and remotely bypassing EDR hooks☆167Jan 4, 2024Updated 2 years ago
- A small go tool to upload JSON files to the BloodHound community edition API☆32May 29, 2024Updated last year
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- ☆79Aug 2, 2023Updated 2 years ago
- ☆31Jul 26, 2024Updated last year
- Fast Windows post-exploitation wins after initial access.☆29Jan 28, 2026Updated 3 months ago
- I have documented all of the AMSI patches that I learned till now☆73Nov 4, 2025Updated 5 months ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintai…☆80Oct 27, 2025Updated 6 months ago
- PoC-Malware-TTPs☆49Mar 26, 2023Updated 3 years ago
- reboot of https://github.com/Genetic-Malware/Ebowla in order to simplify / modernize the codebase and provide ongoing support☆23Sep 15, 2021Updated 4 years ago
- use python on windows with full submodule support without installation☆30Jan 23, 2025Updated last year
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆57Apr 14, 2025Updated last year
- A small executable to trick a user to authenticate using code matching MFA☆68Oct 6, 2023Updated 2 years ago
- A simple BOF that disables some logging with NtSetInformationProcess☆14Oct 13, 2023Updated 2 years ago
- ☆75Jun 17, 2025Updated 10 months ago
- Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE☆205Aug 25, 2023Updated 2 years ago
- Exploiting the KsecDD Windows driver through Server Silos☆79Nov 11, 2024Updated last year
- Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process☆49Mar 15, 2023Updated 3 years ago