☆80Apr 23, 2024Updated last year
Alternatives and similar repositories for CortexVortex
Users that are interested in CortexVortex are comparing it to the libraries listed below
Sorting:
- Dynamically resolve API function addresses at runtime in a secure manner.☆72Nov 11, 2025Updated 3 months ago
- PoC for using MS Windows printers for persistence / command and control via Internet Printing☆150May 3, 2024Updated last year
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆108Apr 18, 2024Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- ☆126Jan 23, 2025Updated last year
- A process injection technique using only thread context manipulation☆41Dec 18, 2023Updated 2 years ago
- ForsHops☆59Mar 25, 2025Updated 11 months ago
- Simulate the behavior of AV/EDR for malware development training.☆561Feb 15, 2024Updated 2 years ago
- A POC to disable TamperProtection and other Defender / MDE components☆254Jun 6, 2024Updated last year
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆381Dec 13, 2024Updated last year
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆458Aug 2, 2024Updated last year
- Tools for analyzing EDR agents☆277Jun 10, 2024Updated last year
- ☆53Sep 23, 2025Updated 5 months ago
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR☆75Feb 9, 2024Updated 2 years ago
- Admin to Kernel code execution using the KSecDD driver☆265Apr 19, 2024Updated last year
- Abusing Azure services over C2☆368Jan 20, 2026Updated last month
- StoneKeeper C2, an experimental EDR evasion framework for research purposes☆209Dec 25, 2024Updated last year
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.☆289May 27, 2024Updated last year
- Evasion by machine code de-optimization.☆418Jul 22, 2024Updated last year
- Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies☆122May 29, 2024Updated last year
- An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities☆63Aug 25, 2022Updated 3 years ago
- Beacon Object File Loader☆293Dec 3, 2023Updated 2 years ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆211Jun 10, 2024Updated last year
- ☆100Sep 1, 2024Updated last year
- Sleep obfuscation☆268Dec 13, 2024Updated last year
- Automated .NET AppDomain hijack payload generation☆129Feb 4, 2025Updated last year
- ☆146Nov 6, 2025Updated 3 months ago
- ☆159Dec 13, 2024Updated last year
- Simple pure PowerShell POC to bypass Entra / Intune Compliance Conditional Access Policy☆167Nov 17, 2025Updated 3 months ago
- A Mythic Agent written in PIC C.☆207Feb 4, 2025Updated last year
- An interactive shell to spoof some LOLBins command line☆188Jan 27, 2024Updated 2 years ago
- ☆109Feb 17, 2025Updated last year
- Rust procedural macro to insert a few asm! calls full of junk instructions in between every line of code.☆13May 27, 2023Updated 2 years ago
- havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets☆42Aug 6, 2024Updated last year
- ☆64May 31, 2024Updated last year
- ☆246Dec 16, 2022Updated 3 years ago
- COM ViewLogger — new malware keylogging technique☆404Jan 6, 2025Updated last year
- Callstack spoofing using a VEH because VEH all the things.☆23Mar 18, 2025Updated 11 months ago
- Slides and Codes used for the workshop Red Team Infrastructure Automation☆193Apr 14, 2024Updated last year