Offensive-Panda / on-disk-detection-bypass
Direct syscalls Injection to bypass AV/EDR
☆9 Updated 4 months ago
Related projects:
- Cobalt Strike UDRL for memory scanner evasion. ☆34 Updated 9 months ago
- Improved version of EKKO by @5pider that Encrypts only Image Sections ☆110 Updated last year
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW ☆76 Updated last year
- Modified versions of the Cobalt Strike Process Injection Kit ☆85 Updated 7 months ago
- Alternative Shellcode Execution Via Callbacks in C# with P/Invoke ☆74 Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking. ☆52 Updated last month
- A simple BOF that frees UDRLs ☆106 Updated 2 years ago
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader ☆75 Updated 6 months ago
- Encode shellcode into dictionary words for evasion and entropy reduction ☆13 Updated 2 months ago
- Rewrite to fit my needs ☆25 Updated 2 months ago
- Do some DLL SideLoading magic ☆72 Updated last year
- Red Team Operation's Defense Evasion Technique. ☆50 Updated 3 months ago
- Simple BOF to read the protection level of a process ☆101 Updated last year
- Threadless shellcode injection tool ☆56 Updated last month
- UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now. ☆44 Updated 4 months ago
- ProcExp Driver (Ab)use ☆20 Updated last year
- Beacon Object File allowing creation of Beacons in different sessions. ☆73 Updated 2 years ago
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique ☆147 Updated 10 months ago
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe … ☆47 Updated 2 years ago
- In-memory sleep encryption and heap encryption for Go applications through a shellcode function. ☆39 Updated 8 months ago
- Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint. ☆143 Updated last year
- A .NET Runtime for Cobalt Strike's Beacon Object Files ☆57 Updated 8 months ago