Nariod / ronflex
Attempts to suspend all known AV/EDRs processes on Windows using syscalls and the undocumented NtSuspendProcess API. Made with <3 for pentesters. Written in Rust.
☆13Updated last year
Alternatives and similar repositories for ronflex:
Users that are interested in ronflex are comparing it to the libraries listed below
- ShadowForge Command & Control - Harnessing the power of Zoom's API, control a compromised Windows Machine from your Zoom Chats.☆44Updated last year
- Rust Implementation of SharpDllProxy for DLL Proxying Technique☆29Updated 2 years ago
- Items related to the RedELK workshop given at security conferences☆27Updated last year
- RegStrike is a .reg payload generator☆57Updated last year
- Reasonably undetected shellcode stager and executer.☆35Updated 4 months ago
- in-process powershell runner for BRC4☆45Updated last year
- ☆58Updated last year
- idk man this was the default github name☆35Updated last year
- Just another ntdll unhooking using Parun's Fart technique☆73Updated last year
- Event Tracing for Windows EDR bypass in Rust☆16Updated 7 months ago
- exfiltration/infiltration toolkit☆23Updated last year
- ShootCutMe an .LNK file creator tool for redteamer☆13Updated 3 months ago
- A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures.☆36Updated 2 years ago
- ☆46Updated last year
- SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Dire…☆33Updated 7 months ago
- Duplicate not owned Token from Running Process☆72Updated last year
- This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for loc…☆51Updated last year
- A small Aggressor script to help Red Teams identify foreign processes on a host machine☆83Updated 2 years ago
- PhantomsGate: Advanced Shellcode Injection Technique☆25Updated 6 months ago
- FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…☆13Updated this week
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Updated 6 months ago
- malleable profile generator GUI for Havoc☆56Updated last year
- Creation and removal of Defender path exclusions and exceptions in C#.☆30Updated last year
- Stealthy Loader-cum-dropper/stage-1/stager targeting Windows10☆37Updated 2 years ago
- Collection of Rust repos useful for Red Teamers.☆30Updated 2 years ago
- ☆47Updated last year
- ☆45Updated 2 months ago