MatheuZSecurity / UnhookingLinuxEdrLinks
Attacking the cleanup_module function of a kernel module
☆41Updated last month
Alternatives and similar repositories for UnhookingLinuxEdr
Users that are interested in UnhookingLinuxEdr are comparing it to the libraries listed below
Sorting:
- Windows AppLocker Driver (appid.sys) LPE☆63Updated last year
- Linux Sleep Obfuscation☆105Updated last year
- Select any exported function in a dll as the new dll's entry point.☆81Updated 10 months ago
- CVE-2024-30090 - LPE PoC☆107Updated 10 months ago
- ☆79Updated last year
- lsassdump via RtlCreateProcessReflection and NanoDump☆83Updated 10 months ago
- Plantronics Desktop Hub LPE☆36Updated last year
- A 64-bit, position-independent code reverse TCP shell for Windows — built in Rust.☆78Updated 3 months ago
- Work, timer, and wait callback example using solely Native Windows APIs.☆89Updated last year
- ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.☆119Updated 4 months ago
- A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.☆112Updated last year
- I have documented all of the AMSI patches that I learned till now☆73Updated 4 months ago
- ☆81Updated last year
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".☆86Updated 2 years ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆99Updated last year
- Folder Or File Delete to Get System Shell on Current Session Desktop☆44Updated 7 months ago
- Some of the presentations, workshops, and labs I gave at public conferences.☆33Updated 3 months ago
- Slides for COM Hijacking AV/EDR Talk on 38c3☆74Updated 7 months ago
- ☆37Updated 8 months ago
- A firebeam plugin that exploits the CVE-2024-26229 vulnerability to perform elevation of privilege from a unprivileged user☆41Updated last year
- A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …☆50Updated 7 months ago
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve☆78Updated last year
- POC of GITHUB simple C2 in rust☆52Updated 3 weeks ago
- A truly Position Independent Code (PIC) NimPlant C2 beacon written in C, without reflective loading.☆61Updated 6 months ago
- ☆100Updated last year
- A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally …☆88Updated 2 years ago
- Win32 keylogger that supports all (non-ime using) languages correctly☆50Updated last year
- Create Anti-Copy DRM Malware☆63Updated last year
- Identify and exploit leaked handles for local privilege escalation.☆109Updated 2 years ago
- Toolset to manipulate RPC clients by finding delayed services and masquerading as them☆85Updated last week