Maldev-Academy / RemoteTLSCallbackInjection
Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process
☆225, updated 7 months ago
Related projects:
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks. ☆164, updated 8 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆320, updated 3 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti… ☆193, updated 3 months ago
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework. ☆266, updated 9 months ago
- ☆242, updated 8 months ago
- Use hardware breakpoint to dynamically change SSN in run-time ☆227, updated 5 months ago
- Native Syscalls Shellcode Injector ☆259, updated last year
- Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file... and generate the Minidump later! ☆277, updated this week
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. ☆227, updated 3 months ago
- Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection ☆233, updated 4 months ago
- Remote Shellcode Injector ☆201, updated last year
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course ☆171, updated last year
- Lateral Movement Using DCOM and DLL Hijacking ☆262, updated last year
- Shellcode Loader Implementing Indirect Dynamic Syscall, API Hashing, Fileless Shellcode retrieving using Winsock2 ☆282, updated last year
- Evasive Golang Loader ☆129, updated last month
- Slides & Code snippets for a workshop held @ x33fcon 2024 ☆228, updated 3 months ago
- Weaponized HellsGate/SigFlip ☆188, updated last year
- 「💀」Proof of concept on BYOVD attack ☆147, updated 6 months ago
- Hide your P/Invoke signatures through other people's signed assemblies ☆199, updated 6 months ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs. ☆301, updated last year
- A PowerShell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… ☆142, updated 3 months ago
- Extracting NetNTLM without touching lsass.exe ☆223, updated 9 months ago
- ☆238, updated this week
- Shaco is a Linux agent for Havoc ☆137, updated 10 months ago
- Reflective DLL Injection Made Bella ☆170, updated last week
- ☆155, updated 10 months ago
- Execute shellcode files with rundll32 ☆171, updated 7 months ago
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W… ☆144, updated 4 months ago
- ☆260, updated last year
- Open Source C&C Specification ☆215, updated last month