☆81Apr 23, 2024Updated last year
Alternatives and similar repositories for CortexVortex
Users that are interested in CortexVortex are comparing it to the libraries listed below
Sorting:
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆108Apr 18, 2024Updated last year
- Dynamically resolve API function addresses at runtime in a secure manner.☆73Nov 11, 2025Updated 4 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆150May 3, 2024Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- A process injection technique using only thread context manipulation☆41Dec 18, 2023Updated 2 years ago
- ForsHops☆59Mar 25, 2025Updated 11 months ago
- ☆127Jan 23, 2025Updated last year
- Simulate the behavior of AV/EDR for malware development training.☆565Feb 15, 2024Updated 2 years ago
- ☆53Sep 23, 2025Updated 5 months ago
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆460Aug 2, 2024Updated last year
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆384Dec 13, 2024Updated last year
- ☆100Sep 1, 2024Updated last year
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.☆290May 27, 2024Updated last year
- Tools for analyzing EDR agents☆278Jun 10, 2024Updated last year
- An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities☆63Aug 25, 2022Updated 3 years ago
- Admin to Kernel code execution using the KSecDD driver☆264Apr 19, 2024Updated last year
- Sleep obfuscation☆271Dec 13, 2024Updated last year
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR☆75Feb 9, 2024Updated 2 years ago
- Simple pure PowerShell POC to bypass Entra / Intune Compliance Conditional Access Policy☆168Nov 17, 2025Updated 4 months ago
- Evasion by machine code de-optimization.☆418Jul 22, 2024Updated last year
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆211Jun 10, 2024Updated last year
- ☆63May 31, 2024Updated last year
- Abusing Azure services over C2☆367Jan 20, 2026Updated 2 months ago
- Automated .NET AppDomain hijack payload generation☆129Feb 4, 2025Updated last year
- StoneKeeper C2, an experimental EDR evasion framework for research purposes☆209Dec 25, 2024Updated last year
- A POC to disable TamperProtection and other Defender / MDE components☆255Jun 6, 2024Updated last year
- Library of BOFs to interact with SQL servers☆227Dec 3, 2025Updated 3 months ago
- ☆147Nov 6, 2025Updated 4 months ago
- Slides and Codes used for the workshop Red Team Infrastructure Automation☆193Apr 14, 2024Updated last year
- BOF for C2 framework☆44Nov 9, 2024Updated last year
- Resources linked to my presentation at OffensiveX in Athens in June 2024 on the topic "Breach the Gat, Advanced Initial Access in 2024"☆147Aug 15, 2024Updated last year
- Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies☆123May 29, 2024Updated last year
- ☆110Feb 17, 2025Updated last year
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆189Jan 17, 2026Updated 2 months ago
- Beacon Object File Loader☆293Dec 3, 2023Updated 2 years ago
- Decrypt GlobalProtect configuration and cookie files.☆157Sep 10, 2024Updated last year
- ☆246Dec 16, 2022Updated 3 years ago
- Stage 0☆169Dec 18, 2024Updated last year
- ☆159Dec 13, 2024Updated last year