☆113Oct 10, 2022Updated 3 years ago
Alternatives and similar repositories for TickTock
Users that are interested in TickTock are comparing it to the libraries listed below
Sorting:
- ☆153Jul 31, 2022Updated 3 years ago
- ☆274Jan 14, 2023Updated 3 years ago
- ☆118Aug 7, 2022Updated 3 years ago
- ☆39Oct 12, 2022Updated 3 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆374May 24, 2022Updated 3 years ago
- WTSRM☆216Aug 7, 2022Updated 3 years ago
- API Hammering with C++20☆50Jul 21, 2022Updated 3 years ago
- Small tool to play with IOCs caused by Imageload events☆44May 14, 2023Updated 2 years ago
- Hooking Heavens Gate in a weekend☆13Jan 1, 2022Updated 4 years ago
- POC tool to convert CobaltStrike BOF files to raw shellcode☆220Nov 5, 2021Updated 4 years ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆536Aug 1, 2022Updated 3 years ago
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process☆115Aug 29, 2022Updated 3 years ago
- miscellaneous scripts and programs☆277Jan 23, 2025Updated last year
- PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.☆622Sep 26, 2023Updated 2 years ago
- A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally …☆91Oct 10, 2022Updated 3 years ago
- Finding Truth in the Shadows☆123Jan 26, 2023Updated 3 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆197Dec 6, 2022Updated 3 years ago
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!☆249Jul 9, 2024Updated last year
- A bunch of scripts and code i wrote.☆149Nov 7, 2024Updated last year
- Running .NET from VBA☆148Feb 11, 2023Updated 3 years ago
- Sleep Obfuscation☆816Dec 3, 2023Updated 2 years ago
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆125Feb 13, 2023Updated 3 years ago
- Dump Citrix Secure Access auth cookie from the process memory☆76Jun 24, 2022Updated 3 years ago
- You shall pass☆270Jul 16, 2022Updated 3 years ago
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP☆37Jul 27, 2021Updated 4 years ago
- ☆26Dec 29, 2021Updated 4 years ago
- ☆44Oct 16, 2023Updated 2 years ago
- A simple program to hook the current process to identify the manual syscall executions on windows☆265Nov 18, 2022Updated 3 years ago
- Sleep Obfuscation☆45Oct 13, 2022Updated 3 years ago
- A PoC implementation for dynamically masking call stacks with timers.☆308Feb 13, 2023Updated 3 years ago
- Load and execute COFF files and Cobalt Strike BOFs in-memory☆226Sep 13, 2022Updated 3 years ago
- Replace the .txt section of the current loaded modules from \KnownDlls\☆305Sep 28, 2022Updated 3 years ago
- ☆23May 28, 2021Updated 4 years ago
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆553Apr 8, 2025Updated 10 months ago
- Just a git repo for the sleepmask detection rule i found in https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-…☆16Jun 4, 2025Updated 8 months ago
- Detect strange memory regions and DLLs☆185Jan 20, 2022Updated 4 years ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆169May 17, 2023Updated 2 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆91Nov 24, 2022Updated 3 years ago
- ☆153Jan 6, 2023Updated 3 years ago