BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.
☆25Jul 5, 2023Updated 2 years ago
Alternatives and similar repositories for NerfDefender
Users that are interested in NerfDefender are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆83Nov 1, 2023Updated 2 years ago
- Automated (kinda) deployment of MalRDP infrastructure with Terraform & Ansible☆12Sep 15, 2023Updated 2 years ago
- C# loader that copies a chunk at the time of the shellcode in memory, rather that all at once☆23Jul 14, 2022Updated 3 years ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆66Mar 19, 2024Updated 2 years ago
- RunPE adapted for x64 and written in C, does not use RWX☆28May 18, 2024Updated 2 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Click Once + App Domain☆68Feb 23, 2026Updated 3 months ago
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- Lockless BOF☆79May 2, 2025Updated last year
- Powershell and python utilties for Entra Connect☆29Jun 5, 2025Updated last year
- A VSCode plugin to assist with BOF development.☆37Aug 14, 2024Updated last year
- Python C2 with JScript Implant☆15Nov 15, 2023Updated 2 years ago
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆66Aug 23, 2023Updated 2 years ago
- ☆16Jan 9, 2025Updated last year
- A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host☆41Dec 8, 2023Updated 2 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- A VSCode devcontainer for development of COFF files with batteries included.☆50Jul 10, 2023Updated 2 years ago
- Parse SDDL strings☆37Apr 1, 2024Updated 2 years ago
- ☆24Feb 1, 2025Updated last year
- Self delete DLL (2)☆14Feb 15, 2024Updated 2 years ago
- In-memory sleep encryption and heap encryption for Go applications through a shellcode function.☆40Jan 14, 2024Updated 2 years ago
- Splitting and executing shellcode across multiple pages☆103Jun 8, 2023Updated 3 years ago
- A C# port from Invoke-GhostTask☆121Jan 5, 2024Updated 2 years ago
- A small go tool to upload JSON files to the BloodHound community edition API☆33May 29, 2024Updated 2 years ago
- reflectively load and execute PEs locally and remotely bypassing EDR hooks☆168Jan 4, 2024Updated 2 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- ☆79Aug 2, 2023Updated 2 years ago
- Fast Windows post-exploitation wins after initial access.☆29Jan 28, 2026Updated 4 months ago
- ☆30Jul 26, 2024Updated last year
- I have documented all of the AMSI patches that I learned till now☆73Nov 4, 2025Updated 7 months ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 3 years ago
- Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintai…☆81Oct 27, 2025Updated 7 months ago
- PoC-Malware-TTPs☆48Mar 26, 2023Updated 3 years ago
- use python on windows with full submodule support without installation☆30Jan 23, 2025Updated last year
- reboot of https://github.com/Genetic-Malware/Ebowla in order to simplify / modernize the codebase and provide ongoing support☆22Sep 15, 2021Updated 4 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆57Apr 14, 2025Updated last year
- A small executable to trick a user to authenticate using code matching MFA☆68Oct 6, 2023Updated 2 years ago
- A simple BOF that disables some logging with NtSetInformationProcess☆14Oct 13, 2023Updated 2 years ago
- ☆75Jun 17, 2025Updated 11 months ago
- Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE☆205Aug 25, 2023Updated 2 years ago
- Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process☆49Mar 15, 2023Updated 3 years ago
- ☆45Oct 16, 2023Updated 2 years ago