Kr0ff / WinMalDev
Various methods of executing shellcode
☆69Updated last year
Alternatives and similar repositories for WinMalDev:
Users that are interested in WinMalDev are comparing it to the libraries listed below
- Patch AMSI and ETW in remote process via direct syscall☆81Updated 2 years ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆67Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆73Updated 7 months ago
- ☆36Updated 2 years ago
- TypeLib persistence technique☆108Updated 5 months ago
- Do some DLL SideLoading magic☆79Updated last year
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆118Updated 2 years ago
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆46Updated last year
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆36Updated last year
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆83Updated 2 years ago
- API Hammering with C++20☆45Updated 2 years ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆101Updated 2 years ago
- abusing Process Hacker driver to terminate other processes (BYOVD)☆81Updated last year
- Identify and exploit leaked handles for local privilege escalation.☆106Updated last year
- stack spoofing☆80Updated 4 months ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆122Updated 2 years ago
- Classic Process Injection with Memory Evasion Techniques implemantation☆68Updated last year
- ☆36Updated 2 years ago
- Tool for playing with Windows Access Token manipulation.☆54Updated 2 years ago
- Artemis - C++ Hell's Gate Syscall Implementation☆32Updated last year
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".☆78Updated last year
- Malware?☆69Updated 5 months ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆62Updated last year
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.☆106Updated last year
- ☆121Updated last year
- I have documented all of the AMSI patches that I learned till now☆74Updated last year
- Encode shellcode into dictionary words for evasion and entropy reduction☆23Updated 4 months ago
- ☆47Updated 2 years ago
- This is my own implementation of the Perun's Fart technique by Sektor7☆68Updated 2 years ago
- ☆39Updated 2 years ago