A method to execute syscalls while bypassing EDR's function hooking and call stack analysis.
☆25 · Apr 24, 2025 · Updated 10 months ago
Alternatives and similar repositories for Hit-And-Run
Users that are interested in Hit-And-Run are comparing it to the libraries listed below.
- Just a nice little shellcode loader using unconventional methods to avoid using signatured APIs ☆24 · Jul 11, 2025 · Updated 8 months ago
- SysCalling is an educational project demonstrating state-of-the-art syscall execution techniques for bypassing user-space EDR controls in… ☆14 · Dec 8, 2024 · Updated last year
- Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload … ☆51 · Nov 2, 2025 · Updated 4 months ago
- Non-organized Cpp code files I used for my research on Windows ☆28 · Aug 9, 2020 · Updated 5 years ago
- Open source XSS exploitation tool, using an HTTP proxy to access the browser that executed the JS. [Engineering Experimental] ☆36 · Nov 22, 2024 · Updated last year
- ☆16 · Jun 1, 2024 · Updated last year
- A tool that supports finding and abusing whitelisted programs to allow arbitrary file writing into the executable folder of Antivirus sof… ☆82 · Nov 1, 2025 · Updated 4 months ago
- ☆100 · Sep 1, 2024 · Updated last year
- Callstack spoofing using a VEH because VEH all the things. ☆23 · Mar 18, 2025 · Updated last year
- Post-Ex BOF tooling for Hannibal ☆24 · Nov 20, 2024 · Updated last year
- Inject a DLL into a process from a driver ☆10 · Aug 27, 2024 · Updated last year
- Load FRP in memory ☆10 · Sep 11, 2023 · Updated 2 years ago
- tests to catch some sloppy hv impls ☆34 · Mar 16, 2026 · Updated last week
- ☆31 · Jul 26, 2024 · Updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆301 · Jul 31, 2024 · Updated last year
- About how to make an anti-virus engine ☆107 · May 22, 2025 · Updated 10 months ago
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven ☆267 · Oct 16, 2024 · Updated last year
- Driver development toolkit ☆11 · Dec 8, 2018 · Updated 7 years ago
- ☆17 · Jun 16, 2025 · Updated 9 months ago
- a BOF implementation of various registry persistence methods ☆96 · Nov 11, 2025 · Updated 4 months ago
- Repository for the DEF CON 33 talk: Kill Chain Reloaded ☆81 · Aug 3, 2025 · Updated 7 months ago
- Windows 10/11 unsigned kernel driver load/debugging ☆19 · Feb 17, 2023 · Updated 3 years ago
- ☆36 · Aug 21, 2024 · Updated last year
- A simple Sleepmask BOF example ☆171 · Nov 24, 2025 · Updated 3 months ago
- ☆52 · Dec 11, 2019 · Updated 6 years ago
- IngressNightmare POC. World first non-blind remote execution exploitation with multi-advanced exploitation methods. Allow on disk exploit… ☆92 · May 6, 2025 · Updated 10 months ago
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow ☆18 · Jun 26, 2025 · Updated 8 months ago
- Locate dlls and function addresses without PEB Walk and EAT parsing ☆105 · Nov 7, 2025 · Updated 4 months ago
- A low-entropy shellcode executor that encodes shellcode bytes into common English words, with anti-debugging capabilities. ☆22 · Aug 10, 2025 · Updated 7 months ago
- Sleep obfuscation ☆271 · Dec 13, 2024 · Updated last year
- Can convert EXE/DLL into position-independent shellcode ☆41 · Feb 1, 2026 · Updated last month
- Binary Hollowing ☆95 · Sep 10, 2024 · Updated last year
- ☆108 · Aug 21, 2024 · Updated last year
- AV-evasion shellcode ☆14 · Sep 8, 2021 · Updated 4 years ago
- Log all keyboard and terminal input/output for any app ☆23 · Sep 19, 2025 · Updated 6 months ago
- Develop shellcode using Visual Studio ☆239 · Oct 11, 2023 · Updated 2 years ago
- Asset mapping with output to an xlsx spreadsheet ☆14 · Sep 10, 2024 · Updated last year
- ☆65 · Dec 19, 2024 · Updated last year
- Zero-dependency MCP server implementation. ☆74 · Feb 23, 2026 · Updated last month