☆37Nov 8, 2024Updated last year
Alternatives and similar repositories for Spoof-RetAddr
Users that are interested in Spoof-RetAddr are comparing it to the libraries listed below
Sorting:
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…☆26Apr 21, 2025Updated 10 months ago
- The most extensive collection of BOFs (Beacon Object Files) tailored for Red Teams using C++23☆23Jun 19, 2025Updated 9 months ago
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.☆37Aug 5, 2025Updated 7 months ago
- A cmake template for crystal palace☆39Dec 20, 2025Updated 3 months ago
- ☆38Oct 16, 2025Updated 5 months ago
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆73Apr 13, 2025Updated 11 months ago
- Obfuscating function calls using Vectored Exception Handlers by redirecting execution through exception-based control flow. Uses byte swa…☆116Oct 30, 2025Updated 4 months ago
- ☆65Dec 19, 2024Updated last year
- Filesystem interaction via firebeam virtual machine execution☆34Updated this week
- A tool written in golang which compress using UPX and patch it with the provided PE file to make "UPX -d" flag impossible to decompress a…☆31Jan 2, 2025Updated last year
- Utilizing DLang For Offensive Operations.☆14May 29, 2025Updated 9 months ago
- ☆108Aug 21, 2024Updated last year
- A different approach to writing BOFs in rust.☆19Aug 20, 2025Updated 7 months ago
- rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption.☆17Jan 6, 2024Updated 2 years ago
- POC about how to detect windows kernel debug by pool tag.☆13Nov 29, 2023Updated 2 years ago
- A Rust template for writing Beacon Object Files (BOFs)☆113Feb 11, 2026Updated last month
- Near compile-time string obfuscation for Golang☆13Oct 3, 2023Updated 2 years ago
- A PoC UDRL for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (D…☆107Jan 21, 2026Updated last month
- Reverse engineering malware samples☆16Dec 3, 2021Updated 4 years ago
- Bring your own Unwind Data Framework☆77Updated this week
- a demo module for the kaine agent to execute and inject assembly modules☆41Aug 28, 2024Updated last year
- This repository contains a tool that can encrypt all type of files and give the encrypted output in the form of an encrypted shellcode. P…☆16Dec 21, 2021Updated 4 years ago
- A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.☆72Mar 6, 2024Updated 2 years ago
- Proxy function calls through the thread pool with ease☆31Feb 27, 2025Updated last year
- Overview of MS Defender☆118Feb 20, 2026Updated last month
- HardwareTurningPoint, Fully Go Compatible Hardware Breakpoint☆16Jan 30, 2025Updated last year
- A proof-of-concept shellcode loader that leverages AI/ML face recognition models to verify the identity of a user on a target system☆43Oct 30, 2024Updated last year
- Registers Vectored Exception Handlers by directly manipulating internal LdrpVectorHandlerList structure instead of calling RtlAddVectored…☆35Jan 18, 2026Updated 2 months ago
- Kill malawarebytes process. Can be ported to any programming language.☆12Apr 21, 2025Updated 10 months ago
- Lateral movement with DCOM DLL hijacking☆176Jul 4, 2025Updated 8 months ago
- Spoof the return address of any function call.☆11Jul 21, 2024Updated last year
- Detect Remote Local Credentials Dumping using a Shadow Snapshot☆32Jan 27, 2025Updated last year
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…☆15Apr 21, 2025Updated 10 months ago
- takes shellcode bad-bytes and banishes them, returning cleaned shellcode with preserved functionalities☆59Mar 1, 2026Updated 2 weeks ago
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH☆140Aug 31, 2025Updated 6 months ago
- A 64 bit executable junk code engine for polymorphic malware.☆76Jun 16, 2025Updated 9 months ago
- A Crystal Palace shared library to resolve & perform syscalls☆58Oct 29, 2025Updated 4 months ago
- ☆13Dec 10, 2023Updated 2 years ago
- A Windows C++ OLE/COM Object explorer written in WTL.☆16Feb 28, 2025Updated last year