SafeBreach-Labs / CortexVortexLinks
☆80Updated last year
Alternatives and similar repositories for CortexVortex
Users that are interested in CortexVortex are comparing it to the libraries listed below
Sorting:
- I have documented all of the AMSI patches that I learned till now☆74Updated 7 months ago
- A BOF to enumerate system process, their protection levels, and more.☆120Updated 11 months ago
- ☆31Updated last year
- ☆82Updated last year
- ☆87Updated 2 years ago
- lsassdump via RtlCreateProcessReflection and NanoDump☆83Updated last year
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆146Updated last year
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆105Updated last year
- Lateral Movement via the .NET Profiler☆84Updated 11 months ago
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR☆75Updated last year
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆50Updated 2 years ago
- ☆77Updated last year
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms☆130Updated 2 years ago
- Find DLLs with RWX section☆80Updated 2 years ago
- ☆109Updated 8 months ago
- ☆135Updated 8 months ago
- ☆114Updated 11 months ago
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve☆78Updated last year
- Select any exported function in a dll as the new dll's entry point.☆81Updated last year
- ☆100Updated 2 years ago
- ☆91Updated last year
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆41Updated 2 years ago
- A 64-bit, position-independent code reverse TCP shell for Windows — built in Rust.☆80Updated 6 months ago
- ☆71Updated 3 years ago
- Modern PIC implant for Windows (64 & 32 bit)☆103Updated 3 months ago
- Simple BOF to read the protection level of a process☆119Updated 2 years ago
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service"☆120Updated last year
- Template-based generation of shellcode loaders☆79Updated last year
- ☆52Updated 4 months ago
- Toolset to manipulate RPC clients by finding delayed services and masquerading as them☆97Updated 2 months ago