Attempts to suspend all known AV/EDR processes on Windows using syscalls and the undocumented NtSuspendProcess API. Made with <3 for pentesters. Written in Rust.
☆13 · May 11, 2023 · Updated 2 years ago
Alternatives and similar repositories for ronflex
Users that are interested in ronflex are comparing it to the libraries listed below.
- An issue in AVG AVG Anti-Spyware v.7.5 allows an attacker to execute arbitrary code via a crafted script to the guard.exe component ☆11 · Aug 5, 2023 · Updated 2 years ago
- NTAPI hook bypass with (semi) legit stack trace ☆19 · May 9, 2023 · Updated 2 years ago
- ☆13 · Feb 25, 2023 · Updated 3 years ago
- Using LNK files and user input simulation to start processes under explorer.exe ☆34 · Sep 21, 2024 · Updated last year
- some AV / EDR / analysis studies ☆10 · May 21, 2023 · Updated 2 years ago
- Tool for pivoting over SMB pipes ☆16 · Jul 20, 2019 · Updated 6 years ago
- An x64 binary executing code that's not inside of it. ☆17 · Feb 28, 2023 · Updated 3 years ago
- Rusty Impersonate ☆104 · Oct 15, 2025 · Updated 5 months ago
- This PoC uses two different techniques for stealing the primary token from all running processes, showing that it is possible to impersonate a… ☆57 · Nov 4, 2021 · Updated 4 years ago
- A tool to exchange decryption keys for command and control (C2) beacons and implants through DNS records. ☆40 · Jan 7, 2023 · Updated 3 years ago
- cobalt strike tools ☆31 · Nov 4, 2021 · Updated 4 years ago
- Indirect Syscall invocation via thread hijacking ☆26 · May 5, 2023 · Updated 2 years ago
- Perform a simple scan on your OutSystems applications. ☆27 · Mar 31, 2025 · Updated last year
- EDR Detector that can find what kind of endpoint solution is being used according to drivers in the system. ☆94 · Nov 5, 2021 · Updated 4 years ago
- Yet, Another Packer/Loader ☆25 · Feb 26, 2023 · Updated 3 years ago
- Pathbyter is a lightning fast proof-of-concept ransomware that uses RSA wrapped AES, multiprocessing, in memory key encryption, appends e… ☆26 · Sep 25, 2023 · Updated 2 years ago
- PowerShell script I wrote that can suspend an arbitrary process (with limits) ☆22 · Mar 26, 2023 · Updated 3 years ago
- MFC-based Windows tool for viewing process information, viewing windows, uninstalling software, managing startup items, and protecting and hiding processes ☆11 · Jun 17, 2021 · Updated 4 years ago
- Top hashpwn rules ☆20 · Dec 12, 2025 · Updated 3 months ago
- Impacket is a collection of Python classes for working with network protocols. ☆12 · Nov 11, 2023 · Updated 2 years ago
- Kernel module to hide tcp connections from an attacker ip address ☆11 · Mar 24, 2022 · Updated 4 years ago
- Application features: Sets visibility of its own executable file to hidden --> Adds itself to the registry of run-on-startup application… ☆11 · Jan 30, 2019 · Updated 7 years ago
- ☆22 · Jul 29, 2021 · Updated 4 years ago
- Dump Lsass Memory Using a Reflective Dll ☆14 · Feb 4, 2022 · Updated 4 years ago
- A script that parses PowerView's output for GPO analysis. Integrated into bloodhound to find misconfigurations of URA, SMB signing etc ☆15 · Feb 9, 2020 · Updated 6 years ago
- Generate malicious files using recently published homoglyphic-attack (CVE-2021-42694) ☆18 · May 23, 2023 · Updated 2 years ago
- ☆45 · Apr 27, 2024 · Updated last year
- Disable Windows Defender All Version ☆30 · Jan 5, 2021 · Updated 5 years ago
- Comparing, discussing, and bypassing various techniques for suspending and freezing processes on Windows. ☆137 · Nov 10, 2021 · Updated 4 years ago
- A tool that adds reproducible UUIDs to YARA rules ☆13 · Apr 24, 2024 · Updated last year
- Proof of Concept code and samples presenting emerging threat of MSI installer files. ☆91 · Dec 15, 2022 · Updated 3 years ago
- adws enumeration bof ☆170 · Feb 16, 2026 · Updated last month
- Hide the TCP Connection ☆22 · Mar 24, 2023 · Updated 3 years ago
- lnk_parser is a full rust implementation to parse windows LNK files ☆23 · Feb 17, 2026 · Updated last month
- call gates as stable communication channel for NT x86 and Linux x86_64 ☆32 · Aug 11, 2023 · Updated 2 years ago
- A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course. ☆10 · Aug 2, 2021 · Updated 4 years ago
- An HTTP-tunnel C&C that can be hidden behind a CDN, with AV evasion and traffic encryption; written to learn about HTTP tunnels, for study and exchange only ☆15 · Jun 29, 2021 · Updated 4 years ago
- Looks for a vulnerable entry point to bypass BE Anti Cheat or other in Ring3 ☆17 · Feb 25, 2023 · Updated 3 years ago
- A collection of tools which integrate with Cobalt Strike (and possibly other C2 frameworks) through BOF and reflective DLL loading techni… ☆18 · Jun 1, 2024 · Updated last year