VirtualAlllocEx / Direct-Syscalls-A-journey-from-high-to-low
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
☆133Updated last year
Alternatives and similar repositories for Direct-Syscalls-A-journey-from-high-to-low:
Users that are interested in Direct-Syscalls-A-journey-from-high-to-low are comparing it to the libraries listed below
- ☆180Updated last year
- POC for frustrating/defeating Malware Analysts☆154Updated 2 years ago
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆170Updated 2 years ago
- Lateral Movement Using DCOM and DLL Hijacking☆283Updated last year
- EDRSandblast-GodFault☆250Updated last year
- My implementation of the GIUDA project in C++☆167Updated last year
- Do some DLL SideLoading magic☆78Updated last year
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆172Updated 2 months ago
- An App Domain Manager Injection DLL PoC on steroids☆164Updated last year
- A tool for converting SysWhispers3 syscalls for use with Nim projects☆143Updated 2 years ago
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading☆83Updated 2 years ago
- Patch AMSI and ETW☆235Updated 9 months ago
- Beacon Object File Loader☆282Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆246Updated 4 months ago
- Reuse open handles to dynamically dump LSASS.☆235Updated 10 months ago
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post☆89Updated 2 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memory☆154Updated 4 years ago
- CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…☆229Updated 2 years ago
- ☆120Updated last year
- Exploitation of process killer drivers☆196Updated last year
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆147Updated last year
- Infect Shared Files In Memory for Lateral Movement☆193Updated 2 years ago
- reflectively load and execute PEs locally and remotely bypassing EDR hooks☆147Updated last year
- Patching AmsiOpenSession by forcing an error branching☆143Updated last year
- (Demo) 3rd party agent for Havoc☆133Updated last year
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)☆184Updated last year
- ☆134Updated last year
- Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype…☆109Updated last year
- Another approach of Threadless injection discovered by @_EthicalChaos_ in c that loads a module into the target process and stomps it, an…☆176Updated last year
- Find .net assemblies locally☆104Updated 2 years ago