S12cybersecurity / ETWEvasionToolkit
Toolkit of projects to attack and evade Event Tracing for Windows
☆26, Aug 28, 2025, updated 5 months ago
Alternatives and similar repositories for ETWEvasionToolkit
Users that are interested in ETWEvasionToolkit are comparing it to the libraries listed below
- Perform Thread Hijacking Shellcode Injection without OpenProcess and OpenThread mapping all the free handles in memory ☆16, Jul 16, 2024, updated last year
- Threat Hijacking Simple Implementation ☆18, Feb 24, 2025, updated 11 months ago
- Eset-Unload is a C++ tool that interacts with a process's loaded modules to identify and unload the ebehmoni.dll module, typically found … ☆12, Apr 21, 2025, updated 9 months ago
- How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function. ☆25, Apr 21, 2025, updated 9 months ago
- PDF Icon File Type Spoofer ☆17, Jul 8, 2024, updated last year
- ☆20, Sep 6, 2025, updated 5 months ago
- C++ keylogger to save all the keys pressed into a local txt file ☆11, Apr 6, 2023, updated 2 years ago
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,… ☆15, Apr 21, 2025, updated 9 months ago
- Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and ADS payload delivery no disk traces, maximum… ☆17, Jun 12, 2025, updated 8 months ago
- Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I do… ☆12, Apr 21, 2025, updated 9 months ago
- A simple rpc2socks alternative in pure Go. ☆31, Jul 8, 2024, updated last year
- Beacon Object File to locate and suspend the threads hosting the Event Log service ☆29, Jun 17, 2022, updated 3 years ago
- PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified … ☆19, May 8, 2025, updated 9 months ago
- Analyzes AdminSDHolder permissions & compares with default baseline or a previous run, to detect potential backdoor/excessive persistent … ☆15, Apr 8, 2025, updated 10 months ago
- Post-Exploitation Tool to Steal MySQL Data, and with persistence extract all data from MySQL table every time that Windows are opened wit… ☆13, Apr 2, 2023, updated 2 years ago
- C2 redirector as a web API ☆10, May 22, 2021, updated 4 years ago
- Repository to gather the BOF files I will be developing ☆11, Oct 1, 2024, updated last year
- Demo code JavaScript POC that tricks user into sending Windows hash to responder ☆36, Dec 12, 2025, updated 2 months ago
- Detect Beacon Powerful (Include Cobalt Strike 4.10 Aha~) ☆21, Oct 18, 2024, updated last year
- Cobalt Strike Beacon Object File (BOF) that obtains SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknown object t… ☆13, Feb 4, 2024, updated 2 years ago
- Admin2Sys is a C++ malware to escalate privileges from Administrator account to NT AUTHORITY\SYSTEM ☆62, May 1, 2023, updated 2 years ago
- Source Code Management Attack Toolkit ☆13, Aug 1, 2022, updated 3 years ago
- GetSystem-LCI is a PowerShell script to escalate privileges from Administrator to NT AUTHORITY\SYSTEM by abusing LanguageComponentsInstal… ☆35, Nov 24, 2024, updated last year
- ☆31, Oct 23, 2023, updated 2 years ago
- This repo contains C/C++ snippets that can be handy in specific offensive scenarios. ☆12, May 31, 2024, updated last year
- A guide to get you started with Windows Kernel Debugging walking you through the complete setup and usage of WinDbg to trace Windows proc… ☆25, Nov 26, 2025, updated 2 months ago
- BOF implementation of Adopt. Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0. ☆17, Jul 22, 2022, updated 3 years ago
- A tool to enumerate and download files from the System Center Configuration Manager (SCCM) SMB share (SCCMContentLib) ☆16, Jul 27, 2024, updated last year
- Remote administration toolkit for windows, based on Hidden VNC: file manager, keystroke logger, powershell ☆35, Nov 23, 2025, updated 2 months ago
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi… ☆19, Apr 24, 2023, updated 2 years ago
- Offensive Security & Red Teaming Labs and Projects ☆25, Aug 26, 2025, updated 5 months ago
- Multi-component Remote Access Trojan: C++ client (victim), C# server, and Angular frontend. ☆49, May 4, 2025, updated 9 months ago
- Rat Inject is C++ Executable to gain Undetectable Persistence in Windows via 4 Registry Keys ☆32, Nov 29, 2022, updated 3 years ago
- Just another Process Injection using Process Hollowing technique. ☆19, Sep 18, 2023, updated 2 years ago
- A C# Tool to gather information about email breaches ☆16, Dec 21, 2023, updated 2 years ago
- A malicious Golang Package ☆15, Apr 21, 2025, updated 9 months ago
- Indirect NT syscalls LSASS dumper. ☆46, Jul 9, 2023, updated 2 years ago
- An execute-assembly compatible tool for spraying local admin hashes on an Active Directory domain. ☆19, Apr 30, 2021, updated 4 years ago
- Beacon Object Files used for Cobalt Strike ☆19, Jul 18, 2023, updated 2 years ago