MrEmpy / Reaper
Proof of concept on BYOVD attack
★ 147 · Updated 6 months ago
Related projects:
- ★ 131 · Updated 3 months ago
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks. ★ 164 · Updated 8 months ago
- Execute shellcode files with rundll32 ★ 171 · Updated 7 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti… ★ 193 · Updated 3 months ago
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… ★ 142 · Updated 3 months ago
- Patching AmsiOpenSession by forcing an error branching ★ 141 · Updated last year
- ★ 119 · Updated last month
- NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into W… ★ 144 · Updated 4 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing ★ 139 · Updated 4 months ago
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course ★ 171 · Updated last year
- Extracting NetNTLM without touching lsass.exe ★ 223 · Updated 9 months ago
- ★ 172 · Updated 9 months ago
- Evasive Golang Loader ★ 129 · Updated last month
- Command and Control (C2) framework ★ 122 · Updated 5 months ago
- Shaco is a linux agent for havoc ★ 137 · Updated 10 months ago
- Patch AMSI and ETW ★ 227 · Updated 4 months ago
- Just another C2 Redirector using CloudFlare. ★ 76 · Updated 4 months ago
- This repository implements Threadless Injection in C ★ 150 · Updated 8 months ago
- C2 Infrastructure Automation ★ 82 · Updated last month
- reflectively load and execute PEs locally and remotely bypassing EDR hooks ★ 151 · Updated 8 months ago
- ★ 142 · Updated 11 months ago
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions ★ 242 · Updated last month
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework. ★ 266 · Updated 9 months ago
- Havoc C2 profile generator ★ 55 · Updated this week
- Run Your Payload Without Running Your Payload ★ 174 · Updated last year
- My implementation of the GIUDA project in C++ ★ 152 · Updated last year
- A variation of ProcessOverwriting to execute shellcode on an executable's section ★ 147 · Updated 9 months ago
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service" ★ 114 · Updated 2 months ago
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods ★ 87 · Updated last year
- ★ 174 · Updated 5 months ago