A method to execute syscalls while bypassing EDR's function hooking and call stack analysis.
☆24Apr 24, 2025Updated 10 months ago
Alternatives and similar repositories for Hit-And-Run
Users that are interested in Hit-And-Run are comparing it to the libraries listed below
- Just a nice little shellcode loader using unconventional methods to avoid using signatured APIs☆23Jul 11, 2025Updated 7 months ago
- SysCalling is an educational project demonstrating state-of-the-art syscall execution techniques for bypassing user-space EDR controls in…☆14Dec 8, 2024Updated last year
- ☆100Sep 1, 2024Updated last year
- A tool that supports finding and abusing whitelisted programs to allow arbitrary file writing into the executable folder of Antivirus sof…☆81Nov 1, 2025Updated 4 months ago
- Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …☆48Nov 2, 2025Updated 4 months ago
- Callstack spoofing using a VEH because VEH all the things.☆23Mar 18, 2025Updated 11 months ago
- Post-Ex BOF tooling for Hannibal☆24Nov 20, 2024Updated last year
- ☆31Jul 26, 2024Updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆298Jul 31, 2024Updated last year
- ☆31May 23, 2024Updated last year
- ☆36Aug 21, 2024Updated last year
- Open source XSS exploitation tool, using an HTTP proxy to access the browser which executed the JS. [Engineering Experimental]☆36Nov 22, 2024Updated last year
- A simple Sleepmask BOF example☆168Nov 24, 2025Updated 3 months ago
- Developing shellcode with Visual Studio☆235Oct 11, 2023Updated 2 years ago
- Sleep obfuscation☆268Dec 13, 2024Updated last year
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven☆261Oct 16, 2024Updated last year
- Binary Hollowing☆94Sep 10, 2024Updated last year
- About how to make an anti-virus engine☆106May 22, 2025Updated 9 months ago
- ☆108Aug 21, 2024Updated last year
- In-memory loading of FRP☆10Sep 11, 2023Updated 2 years ago
- Driver development toolkit☆11Dec 8, 2018Updated 7 years ago
- ☆15Aug 5, 2025Updated 6 months ago
- My dotfiles☆10Jul 31, 2024Updated last year
- Windows Protected Process Light toggle tool — dynamically finds offsets and patches EPROCESS using RTCore64☆66May 2, 2025Updated 10 months ago
- Script parses Interactive Brokers trade report to aid in Finnish tax report fill☆13Jan 10, 2024Updated 2 years ago
- a BOF implementation of various registry persistence methods☆94Nov 11, 2025Updated 3 months ago
- Repository for the DEF CON 33 talk: Kill Chain Reloaded☆79Aug 3, 2025Updated 7 months ago
- bring your own vulnerable driver☆113May 17, 2023Updated 2 years ago
- Asset mapping with output to an xlsx spreadsheet☆14Sep 10, 2024Updated last year
- Analysis of techniques used by Conti ransomware affiliates from their leaked manuals.☆19Aug 29, 2021Updated 4 years ago
- ☆23Apr 8, 2025Updated 10 months ago
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow☆18Jun 26, 2025Updated 8 months ago
- Windows 10/11 unsigned kernel driver load/debugging☆17Feb 17, 2023Updated 3 years ago
- Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.☆10Dec 6, 2021Updated 4 years ago
- Evasion kit for Cobalt Strike☆30Jan 16, 2026Updated last month
- ☆17Jun 16, 2025Updated 8 months ago
- List web account manager (WAM) accounts added to the current profile☆22Dec 11, 2025Updated 2 months ago
- NOPEN Tool, also known as "morerats" (莫雷斯特), is a tool from the Equation Group toolkit.☆45Mar 18, 2022Updated 3 years ago
- ☆13Mar 17, 2025Updated 11 months ago