MerlynXS / S-500-G2-Rat-Hvnc-Hidden-Broswers-Hidden-Apps-OperaGX-Rat-Remote-Malware
☆57 · Updated this week
Related projects:
- Extracting Syscall Stub, Modernized ☆60 · Updated 2 years ago
- My implementation of Halo's Gate technique in C# ☆51 · Updated 2 years ago
- An attempt to make a LoadLibrary designed for offensive operations, in C# obviously. ☆53 · Updated 2 years ago
- Small POC for process ghosting ☆39 · Updated 2 years ago
- Unhook DLL via cleaning the DLL's .text section ☆9 · Updated 3 years ago
- Using syscall to load shellcode, Evasion techniques ☆27 · Updated 3 years ago
- MappingInjection via csharp ☆37 · Updated 2 years ago
- DLL Exports Extraction BOF with optional NTFS transactions. ☆76 · Updated 2 years ago
- Bypass AMSI ☆14 · Updated 3 years ago
- C# Tool to interact with MS Exchange based on MS docs ☆98 · Updated last year
- ☆18 · Updated this week
- ☆39 · Updated this week
- ☆66 · Updated this week
- RDPThief donut shellcode inject into mstsc ☆74 · Updated 3 years ago
- A small Aggressor script to help Red Teams identify foreign processes on a host machine ☆79 · Updated last year
- Quick Python script to replace the NtAPI functions within SysWhispers' assembly and header files with random strings ☆24 · Updated 2 years ago
- C# Port of LdapRelayScan ☆77 · Updated 2 years ago
- Cobalt Strike BOF for quser.exe implementation using Windows API ☆82 · Updated last year
- Load PE via XML Attribute ☆28 · Updated 4 years ago
- Hide code from dnSpy and other C# spying tools ☆40 · Updated 3 years ago
- ☆42 · Updated this week
- C# loader capable of running stage-1 from remote url, file path as well as file share ☆14 · Updated last year
- ☆42 · Updated this week
- Beacon Object File to locate and suspend the threads hosting the Event Log service ☆24 · Updated 2 years ago
- Bypass Windows Defender syscall ☆17 · Updated 3 years ago
- Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used ☆92 · Updated 3 years ago
- Cobaltstrike BOF to unhook any Nt API ☆14 · Updated last year
- Perun's Fart (Slavic God's Luck). Another method for unhooking AV and EDR, this is my C# version. ☆105 · Updated 2 years ago
- SLib is a sandbox evasion library that implements some of the checks from https://evasions.checkpoint.com in C# ☆62 · Updated last year
- DynamicSyscalls is a library written in .NET that resolves the syscalls dynamically (has nothing to do with hooking/unhooking) ☆63 · Updated last year