Xobtah / hermes
Self-updatable RAT + C2 server + client.
β10Updated 7 months ago
Alternatives and similar repositories for hermes:
Users that are interested in hermes are comparing it to the libraries listed below
- π‘οΈ A multi-user malleable C2 framework targeting Windows. Written in C++ and Pythonβ43Updated 11 months ago
- A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal console builder.β37Updated 5 months ago
- Threadless shellcode injection toolβ63Updated 6 months ago
- LKM rootkit for modern kernels, with DNS C2 and a simple web interfaceβ64Updated this week
- Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooksβ82Updated 2 months ago
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.β85Updated 8 months ago
- Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rustβ35Updated 8 months ago
- Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls executionβ167Updated 11 months ago
- Classic Process Injection with Memory Evasion Techniques implemantationβ66Updated last year
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.β90Updated 11 months ago
- A collection of red team techniques.β24Updated 2 months ago
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.β18Updated 6 months ago
- A runtime that can hide instruction and memory data in the sleep time.β17Updated this week
- CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls executionβ42Updated 10 months ago
- A basic C2 framework written in Cβ59Updated 7 months ago
- A Rust port of LayeredSyscall β performs indirect syscalls while generating legitimate API call stack frames by abusing VEH.β133Updated 3 months ago
- A simple Sleepmask BOF exampleβ86Updated 5 months ago
- Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when β¦β81Updated 2 years ago
- Inject a shellcode in a remote process using Process Hollowing.β44Updated 3 years ago
- Direct syscalls Injection to bypass AV/EDRβ11Updated 9 months ago
- ShadeLoader is a shellcode loader designed to bypass most antivirus software. 壳代η , ζζ―θ½―δ»Ά, η»θΏβ39Updated 6 months ago
- UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now.β45Updated 9 months ago
- Implementing the ghostly hollowing PE injection technique using tampered syscalls.β131Updated 8 months ago
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Executionβ41Updated 7 months ago
- Shellcode loader designed for evasion. Coded in Rust.β124Updated last year
- This is way to load a shellcode, and obfuscate it, so it avoids scantime detection.β55Updated 7 months ago
- Magical obfuscator, supports obfuscating EXE, BOF, and ShellCode.β142Updated 2 months ago
- A lightweight remote access trojan in Rustβ27Updated 7 months ago
- reflectively load and execute PEs locally and remotely bypassing EDR hooksβ147Updated last year
- Improved version of EKKO by @5pider that Encrypts only Image Sectionsβ118Updated 2 years ago