PoC for detecting and evading ETW detection of .Net Assembly.Load
☆21 · Aug 26, 2020 · Updated 5 years ago
Alternatives and similar repositories for HidingFromETW
Users that are interested in HidingFromETW are comparing it to the libraries listed below
- Use GZip to compress your .NET assemblies for loading with AssemblyResolve. ☆20 · Apr 11, 2014 · Updated 11 years ago
- Playing with PE's and Building Structures by Hand ☆22 · Apr 21, 2022 · Updated 3 years ago
- C code to enable ETW tracing for Dotnet Assemblies ☆32 · Aug 12, 2022 · Updated 3 years ago
- ☆12 · Apr 7, 2022 · Updated 3 years ago
- It's what all the kids are talking about ☆12 · Apr 25, 2023 · Updated 2 years ago
- various methods of making API calls ☆19 · Feb 1, 2025 · Updated last year
- ☆14 · Sep 22, 2019 · Updated 6 years ago
- AppXSVC Service race condition - privilege escalation ☆30 · Jul 30, 2019 · Updated 6 years ago
- Simple and sane compression wrapper library. ☆19 · Oct 28, 2022 · Updated 3 years ago
- A port of classic netcat to C# ☆34 · Jan 21, 2023 · Updated 3 years ago
- Remote code execution in Power Platform connectors via JSON deserialization ☆23 · Mar 30, 2023 · Updated 2 years ago
- A small PoC using DInvoke, dynamically mapping a DLL and executing Win32 APIs for process injection. ☆10 · Dec 16, 2021 · Updated 4 years ago
- About C# loader that copies a chunk at a time of the shellcode in memory in a suspended process, rather than all at once ☆13 · Jul 14, 2022 · Updated 3 years ago
- ☆18 · Jan 12, 2026 · Updated last month
- PoC: process watcher patterns to make killing a process hard. ☆11 · Aug 1, 2018 · Updated 7 years ago
- Windows Service with the implementation of the Process hollowing technique to run shellcode ☆14 · Jul 20, 2023 · Updated 2 years ago
- Injection of MSIL using Cecil ☆12 · Jul 28, 2015 · Updated 10 years ago
- A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures. ☆39 · Aug 8, 2022 · Updated 3 years ago
- ☆78 · Oct 18, 2022 · Updated 3 years ago
- Infect Shared Files In Memory for Lateral Movement ☆193 · Dec 14, 2022 · Updated 3 years ago
- A simple rpc2socks alternative in pure Go. ☆31 · Jul 8, 2024 · Updated last year
- Run Cobalt Strike BOFs in Brute Ratel C4! ☆86 · Apr 15, 2025 · Updated 10 months ago
- Unchain AMSI by patching the provider’s unmonitored memory space ☆91 · Nov 24, 2022 · Updated 3 years ago
- Etwti-UnhookPOC just for test ☆12 · Aug 23, 2022 · Updated 3 years ago
- ☆53 · Oct 20, 2020 · Updated 5 years ago
- A collection of useful aggressor scripts. All credits due to its authors. ☆12 · Jul 5, 2019 · Updated 6 years ago
- Some stuff for PHD2021 ☆14 · May 21, 2025 · Updated 9 months ago
- Execute embedded Mimikatz ☆13 · Nov 24, 2021 · Updated 4 years ago
- Read Memory without ReadProcessMemory for Current Process ☆92 · Feb 13, 2022 · Updated 4 years ago
- Remotely dump NT hashes through Windows Crash dumps ☆33 · Oct 29, 2024 · Updated last year
- DynamicSyscalls is a library written in .NET that resolves the syscalls dynamically (has nothing to do with hooking/unhooking) ☆66 · Nov 13, 2022 · Updated 3 years ago
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms ☆136 · Dec 20, 2022 · Updated 3 years ago
- DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userla… ☆123 · Mar 25, 2022 · Updated 3 years ago
- Deobfuscation of XorStringsNet ☆14 · Nov 5, 2024 · Updated last year
- Proof of Concept code and samples presenting emerging threat of MSI installer files. ☆90 · Dec 15, 2022 · Updated 3 years ago
- DarkCrypter encrypts your files and generates undetectable payloads to evade all anti-virus vendors. ☆22 · Sep 1, 2022 · Updated 3 years ago
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich ☆18 · Jun 29, 2024 · Updated last year
- A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation ☆38 · Dec 7, 2025 · Updated 3 months ago
- List/Read contents of Zip files (in memory and without extraction) using CobaltStrike's Execute-Assembly ☆61 · May 24, 2022 · Updated 3 years ago