MaorSabag / TrueSightKiller
CPP AV/EDR Killer
☆352 · Updated 11 months ago
Related projects
Alternatives and complementary repositories for TrueSightKiller
- Process injection alternative (☆299 · Updated 2 months ago)
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry (☆275 · Updated 3 months ago)
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub. (☆265 · Updated 6 months ago)
- not a reverse-engineered version of the Cobalt Strike Beacon (☆334 · Updated 7 months ago)
- Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver (☆241 · Updated 4 months ago)
- windows-rs shellcode loaders (☆282 · Updated 3 months ago)
- Bypassing UAC with SSPI Datagram Contexts (☆409 · Updated last year)
- Collection of Beacon Object Files (BOF) for Cobalt Strike (☆531 · Updated 3 months ago)
- Terminate AV/EDR Processes using kernel driver (☆336 · Updated last year)
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes. (☆380 · Updated last year)
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. (☆240 · Updated 5 months ago)
- Collection of UAC Bypass Techniques Weaponized as BOFs (☆405 · Updated 8 months ago)
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer (☆438 · Updated 8 months ago)
- A sophisticated, covert Windows-based credential dumper using C++ and MASM x64. (☆368 · Updated 4 months ago)
- A beacon object file implementation of PoolParty Process Injection Technique. (☆321 · Updated 10 months ago)
- UAC Bypass By Abusing Kerberos Tickets (☆476 · Updated last year)
- Use hardware breakpoint to dynamically change SSN in run-time (☆232 · Updated 7 months ago)
- Credential Guard Bypass Via Patching Wdigest Memory (☆309 · Updated last year)
- A list of python tools to help create an OPSEC-safe Cobalt Strike profile. (☆370 · Updated 8 months ago)
- Go shellcode loader that combines multiple evasion techniques (☆352 · Updated last year)
- (no description) (☆311 · Updated 11 months ago)
- CWE-781: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code (☆317 · Updated 4 months ago)
- shellcode loader for your evasion needs (☆262 · Updated this week)
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs. (☆471 · Updated last year)
- micr0shell is a Python script that dynamically generates Windows X64 PIC Null-Free reverse shell shellcode. (☆152 · Updated 3 months ago)
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve… (☆465 · Updated 4 months ago)
- Evasive shellcode loader (☆234 · Updated 3 weeks ago)
- Some POCs for my BYOVD research and find some vulnerable drivers (☆122 · Updated last month)