VirtualAlllocEx / DEFCON-31-Syscalls-Workshop
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
☆635Updated 10 months ago
Related projects ⓘ
Alternatives and complementary repositories for DEFCON-31-Syscalls-Workshop
- A memory-based evasion technique which makes shellcode invisible from process start to end.☆1,150Updated last year
- Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes☆927Updated last year
- This repo contains C/C++ snippets that can be handy in specific offensive scenarios.☆638Updated 3 months ago
- My collection of malware dev links☆244Updated 2 months ago
- Materials for the workshop "Red Team Ops: Havoc 101"☆351Updated last month
- ☆312Updated last year
- Containing my notes, practice binaries + solutions, blog posts, etc. for the Offensive Security Exploit Developer (OSED/EXP-301)☆581Updated 3 months ago
- JustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.☆300Updated 2 months ago
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆560Updated last month
- Little user-mode AV/EDR evasion lab for training & learning purposes☆1,005Updated 6 months ago
- Automated DLL Sideloading Tool With EDR Evasion Capabilities☆458Updated 11 months ago
- A tool which bypasses AMSI (AntiMalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage Power…☆639Updated 6 months ago
- Kernel mode WinDbg extension and PoCs for token privilege investigation.☆815Updated this week
- ☆671Updated 7 months ago
- A PoC that packages payloads into output containers to evade Mark-of-the-Web flag & demonstrate risks associated with container file form…☆862Updated 5 months ago
- Killer tool is designed to bypass AV/EDR security tools using various evasive techniques.☆757Updated 4 months ago
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…☆469Updated 5 months ago
- Simulate the behavior of AV/EDR for malware development training.☆455Updated 9 months ago
- Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework☆370Updated 3 months ago
- Awesome EDR Bypass Resources For Ethical Hacking☆940Updated last week
- HookChain: A new perspective for Bypassing EDR Solutions☆408Updated this week
- Cobalt Strike HTTPS beaconing over Microsoft Graph API☆551Updated 4 months ago
- MultiDump is a post-exploitation tool for dumping and extracting LSASS memory discreetly.☆492Updated 3 months ago
- Windows Local Privilege Escalation Cookbook☆981Updated 7 months ago
- Useful C2 techniques and cheatsheets learned from engagements☆425Updated last month
- A list of methods to coerce a windows machine to authenticate to an attacker-controlled machine through a Remote Procedure Call (RPC) wit…☆493Updated 8 months ago
- PEN-300 collection to help you on your exam.☆335Updated 8 months ago
- Collection of OPSEC Tradecraft and TTPs for Red Team Operations☆272Updated last month
- Protected Process Dumper Tool☆520Updated last year
- Cobalt Strike UDRL for memory scanner evasion.☆879Updated 5 months ago