Attempts to suspend all known AV/EDR processes on Windows using syscalls and the undocumented NtSuspendProcess API. Made with <3 for pentesters. Written in Rust.
☆13 · May 11, 2023 · Updated 2 years ago
Alternatives and similar repositories for ronflex
Users that are interested in ronflex are comparing it to the libraries listed below
- NTAPI hook bypass with (semi) legit stack trace ☆19 · May 9, 2023 · Updated 2 years ago
- ☆13 · Feb 25, 2023 · Updated 3 years ago
- Using LNK files and user input simulation to start processes under explorer.exe ☆34 · Sep 21, 2024 · Updated last year
- some AV / EDR / analysis studies ☆10 · May 21, 2023 · Updated 2 years ago
- An issue in AVG AVG Anti-Spyware v.7.5 allows an attacker to execute arbitrary code via a crafted script to the guard.exe component ☆11 · Aug 5, 2023 · Updated 2 years ago
- An x64 binary executing code that's not inside of it. ☆17 · Feb 28, 2023 · Updated 3 years ago
- Indirect Syscall invocation via thread hijacking ☆26 · May 5, 2023 · Updated 2 years ago
- Tool for pivoting over SMB pipes ☆16 · Jul 20, 2019 · Updated 6 years ago
- ☆44 · Apr 27, 2024 · Updated last year
- A tool to exchange decryption keys for command and control (C2) beacons and implants through DNS records. ☆40 · Jan 7, 2023 · Updated 3 years ago
- Pathbyter is a lightning fast proof-of-concept ransomware that uses RSA wrapped AES, multiprocessing, in memory key encryption, appends e… ☆26 · Sep 25, 2023 · Updated 2 years ago
- Top hashpwn rules ☆20 · Dec 12, 2025 · Updated 2 months ago
- ☆22 · Jul 29, 2021 · Updated 4 years ago
- EDR Detector that can find what kind of endpoint solution is being used according to drivers in the system. ☆94 · Nov 5, 2021 · Updated 4 years ago
- Yet, Another Packer/Loader ☆25 · Feb 26, 2023 · Updated 3 years ago
- PowerShell script I wrote that can suspend an arbitrary process (with limits) ☆22 · Mar 26, 2023 · Updated 2 years ago
- This PoC uses two different techniques for stealing the primary token from all running processes, showing that it is possible to impersonate a… ☆57 · Nov 4, 2021 · Updated 4 years ago
- lnk_parser is a full rust implementation to parse windows LNK files ☆23 · Feb 17, 2026 · Updated last week
- Zero-cost and safe interface to UEFI firmware ☆29 · Nov 8, 2025 · Updated 3 months ago
- call gates as stable communication channel for NT x86 and Linux x86_64 ☆32 · Aug 11, 2023 · Updated 2 years ago
- ☆33 · Aug 25, 2021 · Updated 4 years ago
- Small collection of Active Directory pentesting tools. ☆32 · Jan 29, 2024 · Updated 2 years ago
- reverse socks tunneler with ntlm and proxy support ☆28 · Nov 24, 2019 · Updated 6 years ago
- Enumerate valid users within Microsoft Teams and OneDrive with clean output. ☆60 · Feb 4, 2025 · Updated last year
- USB Scanning device ☆32 · Sep 16, 2025 · Updated 5 months ago
- adws enumeration bof ☆167 · Feb 16, 2026 · Updated last week
- Obfuscate the bytes of your payload with an association dictionary ☆75 · Nov 7, 2025 · Updated 3 months ago
- cobalt strike tools ☆31 · Nov 4, 2021 · Updated 4 years ago
- AES-encrypts a PE file, then pulls it from a remote source and loads it into memory to evade antivirus detection ☆37 · Mar 1, 2023 · Updated 3 years ago
- Quick python script to replace the NtAPI functions within SysWhispers' assembly and header files with random strings ☆28 · May 30, 2022 · Updated 3 years ago
- Caldera plugin to deploy "humans" to emulate user behavior on systems ☆31 · Apr 26, 2024 · Updated last year
- Shadowsocks-like proxy written in Go ☆37 · Dec 18, 2019 · Updated 6 years ago
- Comparing, discussing, and bypassing various techniques for suspending and freezing processes on Windows. ☆136 · Nov 10, 2021 · Updated 4 years ago
- Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk, plus functions and strings obfuscation ☆31 · Sep 24, 2022 · Updated 3 years ago
- Read and save MSFS aircraft state and apply to next flight ☆10 · Nov 11, 2025 · Updated 3 months ago
- GetSystem-LCI is a PowerShell script to escalate privileges from Administrator to NT AUTHORITY\SYSTEM by abusing LanguageComponentsInstal… ☆36 · Nov 24, 2024 · Updated last year
- ldd for Windows - and more! ☆33 · Dec 29, 2025 · Updated 2 months ago
- Updated version of PowerDNS by @domchell. Adds support for transfers over DNS A records and a few other useful features. ☆84 · Mar 29, 2023 · Updated 2 years ago
- Set the process mitigation policy for loading only Microsoft Modules, and block any userland 3rd party modules ☆43 · May 6, 2023 · Updated 2 years ago