Z4kSec / IoctlHunter
IoctlHunter is a command-line tool designed to simplify the analysis of IOCTL calls made by userland software targeting Windows drivers.
☆90Updated 10 months ago
Related projects ⓘ
Alternatives and complementary repositories for IoctlHunter
- ☆126Updated 3 months ago
- ☆133Updated last year
- ☆142Updated last year
- ☆175Updated 11 months ago
- Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype…☆108Updated last year
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…☆148Updated 5 months ago
- Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies☆113Updated 5 months ago
- A set of programs for analyzing common vulnerabilities in COM☆155Updated 2 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆146Updated 3 weeks ago
- Find DLLs with RWX section☆75Updated last year
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆145Updated 11 months ago
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge …☆166Updated last year
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg☆45Updated 8 months ago
- Bypass LSA protection using the BYODLL technique☆150Updated 2 months ago
- A Mythic Agent written in PIC C.☆92Updated this week
- Just another C2 Redirector using CloudFlare.☆78Updated 6 months ago
- ☆59Updated 5 months ago
- Simple BOF to read the protection level of a process☆104Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆209Updated 2 months ago
- ☆118Updated last year
- ☆116Updated 2 months ago
- Evade EDR's the simple way, by not touching any of the API's they hook.☆53Updated 3 months ago
- Patch AMSI and ETW☆233Updated 6 months ago
- A improved memory obfuscation primitive using a combination of special and 'normal' Asynchronous Procedural Calls☆104Updated 2 months ago
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution☆38Updated 4 months ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆190Updated 5 months ago
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…☆159Updated last month
- EDRSandblast-GodFault☆240Updated last year
- This project is an implant framework designed for long term persistent access to Windows machines.☆110Updated last year
- ☆109Updated 3 years ago