☆113Oct 10, 2022Updated 3 years ago
Alternatives and similar repositories for TickTock
Users that are interested in TickTock are comparing it to the libraries listed below
Sorting:
- ☆155Jul 31, 2022Updated 3 years ago
- WTSRM☆216Aug 7, 2022Updated 3 years ago
- ☆275Jan 14, 2023Updated 3 years ago
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process☆115Aug 29, 2022Updated 3 years ago
- ☆118Aug 7, 2022Updated 3 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆374May 24, 2022Updated 3 years ago
- API Hammering with C++20☆51Jul 21, 2022Updated 3 years ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆535Aug 1, 2022Updated 3 years ago
- PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.☆620Sep 26, 2023Updated 2 years ago
- Sleep Obfuscation☆45Oct 13, 2022Updated 3 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆198Dec 6, 2022Updated 3 years ago
- miscellaneous scripts and programs☆278Jan 23, 2025Updated last year
- Hooking Heavens Gate in a weekend☆13Jan 1, 2022Updated 4 years ago
- POC tool to convert CobaltStrike BOF files to raw shellcode☆220Nov 5, 2021Updated 4 years ago
- ☆39Oct 12, 2022Updated 3 years ago
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!☆250Jul 9, 2024Updated last year
- ☆26Dec 29, 2021Updated 4 years ago
- A bunch of scripts and code i wrote.☆149Nov 7, 2024Updated last year
- Small tool to play with IOCs caused by Imageload events☆44May 14, 2023Updated 2 years ago
- You shall pass☆270Jul 16, 2022Updated 3 years ago
- Finding Truth in the Shadows☆125Jan 26, 2023Updated 3 years ago
- Sleep Obfuscation☆824Dec 3, 2023Updated 2 years ago
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆125Feb 13, 2023Updated 3 years ago
- Dump Citrix Secure Access auth cookie from the process memory☆76Jun 24, 2022Updated 3 years ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆170May 17, 2023Updated 2 years ago
- Running .NET from VBA☆148Feb 11, 2023Updated 3 years ago
- A simple program to hook the current process to identify the manual syscall executions on windows☆266Nov 18, 2022Updated 3 years ago
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆559Apr 8, 2025Updated 11 months ago
- Replace the .txt section of the current loaded modules from \KnownDlls\☆305Sep 28, 2022Updated 3 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆202Jan 13, 2022Updated 4 years ago
- A PoC implementation for dynamically masking call stacks with timers.☆309Feb 13, 2023Updated 3 years ago
- Indirect Syscalls: HellsGate in Nim, but making sure that all syscalls go through NTDLL (as in RecycledGate).☆185Feb 12, 2023Updated 3 years ago
- A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally …☆92Oct 10, 2022Updated 3 years ago
- ☆44Oct 16, 2023Updated 2 years ago
- Detect strange memory regions and DLLs☆190Jan 20, 2022Updated 4 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆91Nov 24, 2022Updated 3 years ago
- Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post☆131Jan 14, 2023Updated 3 years ago
- Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes☆107Mar 8, 2023Updated 3 years ago
- Load and execute COFF files and Cobalt Strike BOFs in-memory☆226Sep 13, 2022Updated 3 years ago