Trapwithme / UACBuddyLinks
UAC via computerdefaults.exe
☆12Updated 2 months ago
Alternatives and similar repositories for UACBuddy
Users that are interested in UACBuddy are comparing it to the libraries listed below
Sorting:
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…☆21Updated last month
- Ntdll Unhooking☆12Updated last month
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…☆12Updated last month
- golang String Obfuscate☆9Updated 3 years ago
- Eset-Unload is a C++ tool that interacts with a process's loaded modules to identify and unload the ebehmoni.dll module, typically found …☆10Updated last month
- A proof of concept of real custom GetProcAddress and GetModuleBaseAddress☆20Updated 2 years ago
- Change hash for a signed pe☆16Updated last year
- C code to enable ETW tracing for Dotnet Assemblies☆31Updated 2 years ago
- reverse engineering random malwares☆23Updated 4 months ago
- run process as PPL Antimalware☆10Updated last year
- ☆40Updated 3 months ago
- Modified Version of Melkor @FuzzySecurity capable of creating disposable AppDomains in injected processes.☆28Updated 3 years ago
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.☆31Updated 11 months ago
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 3 years ago
- How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function.☆17Updated last month
- Fuzzing Harness and Unpatched Crash Results from Fuzzing Defender MpEngine☆22Updated 2 weeks ago
- This repository contains a tool that can encrypt all type of files and give the encrypted output in the form of an encrypted shellcode. P…☆15Updated 3 years ago
- An attempt to make a LoadLibrary designed for offensive operations, in C# obviously.☆56Updated 3 years ago
- Measures average CPU cycles for the CPUID instruction to detect if the code is running in a VM by comparing against a threshold.☆21Updated last month
- Utilizing Alternative Shellcode Execution Via Callbacks☆13Updated last year
- Using Thread Description To Hide Shellcodes☆14Updated 2 years ago
- This exploit use PEB walk technique to resolve API calls dynamically, obfuscate all API calls to perform process injection.☆17Updated 10 months ago
- Hide code from dnSpy and other C# spying tools☆42Updated 4 years ago
- A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR.☆39Updated 4 years ago
- Process Hollowing in Rust with Process Executable Relocation Support for both 32 and 64 bit architecture environments.☆18Updated 5 months ago
- C# API for Nidhogg rootkit☆17Updated last year
- powershell script i wrote that can suspend an arbitrary process (with limits)☆20Updated 2 years ago
- A simple PE loader.☆26Updated 2 years ago
- ☆54Updated 2 years ago
- ☆31Updated last month