Logan-Elliott / HollowGhostLinks
Process hollowing C# shellcode runner that is FUD against Microsoft Defender as of October 7, 2023.
☆20Updated last year
Alternatives and similar repositories for HollowGhost
Users that are interested in HollowGhost are comparing it to the libraries listed below
Sorting:
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…☆126Updated this week
- ☆118Updated 4 months ago
- A PoC for Early Cascade process injection technique.☆189Updated 6 months ago
- .NET assembly loader with patchless AMSI and ETW bypass in Rust☆51Updated 10 months ago
- This is way to load a shellcode, and obfuscate it, so it avoids scantime detection.☆75Updated 3 months ago
- This comprehensive and central repository is designed for cybersecurity enthusiasts, researchers, and professionals seeking to stay ahead…☆125Updated 2 months ago
- Injecting DLL into LSASS at boot☆132Updated 3 months ago
- Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks☆113Updated 7 months ago
- 🧠 The ultimate, community-curated resource for Beacon Object Files (BOFs) — tutorials, how-tos, deep dives, and reference materials.☆77Updated last week
- a port of privkit bof for havoc☆23Updated last year
- ☆189Updated last year
- Code execution/injection technique using DLL PEB module structure manipulation☆155Updated 2 months ago
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆250Updated 4 months ago
- Ghosting-AMSI☆207Updated 3 months ago
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…☆162Updated last year
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.☆91Updated last year
- Implementing the ghostly hollowing PE injection technique using tampered syscalls.☆168Updated 5 months ago
- A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints☆106Updated 3 weeks ago
- Heavily obfuscated PowerShell reverse shell that can bypass Windows Defender☆20Updated 7 months ago
- Generate Secure, Polymorphic, Evasive Payloads☆19Updated 2 months ago
- Malicious powershell scripts loader designed to avoid detection.☆50Updated 2 years ago
- 「⚠️」Performing a BYOVD on the truesight.sys driver☆39Updated 8 months ago
- This repo is for the youtube video where we have explained how to make a detectable reverse shell undetectable by windows defender☆27Updated last year
- reflectively load and execute PEs locally and remotely bypassing EDR hooks☆160Updated last year
- BOF with Synthetic Stackframe☆158Updated 5 months ago
- Just another C2 Redirector using CloudFlare. Support multiple C2 and multiple domains. Support for websocket listener.☆172Updated 4 months ago
- early cascade injection PoC based on Outflanks blog post☆227Updated 9 months ago
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆186Updated 6 months ago
- Null-AMSI is an AMSI and ETW bypass that takes advantage of .NET types (.NET Reflection) to bypassing AV/EDR.☆71Updated last month
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.☆194Updated last year