ZeroMemoryEx / OverlordLinks
abusing Process Hacker driver to terminate other processes (BYOVD)
☆82Updated 2 years ago
Alternatives and similar repositories for Overlord
Users that are interested in Overlord are comparing it to the libraries listed below
Sorting:
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆70Updated last year
- I have documented all of the AMSI patches that I learned till now☆72Updated 2 months ago
- Patch AMSI and ETW in remote process via direct syscall☆81Updated 3 years ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆100Updated 2 years ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆64Updated 2 years ago
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆84Updated 2 years ago
- ☆99Updated last year
- ☆36Updated 2 years ago
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆119Updated 2 years ago
- Various methods of executing shellcode☆70Updated 2 years ago
- ☆49Updated 2 years ago
- Sleep Obfuscation☆45Updated 2 years ago
- ☆122Updated last year
- RDLL for Cobalt Strike beacon to silence sysmon process☆88Updated 2 years ago
- ☆136Updated last year
- ☆115Updated 2 years ago
- lsassdump via RtlCreateProcessReflection and NanoDump☆82Updated 7 months ago
- Get your data from the resource section manually, with no need for windows apis☆62Updated 7 months ago
- ☆85Updated last year
- ☆23Updated 3 months ago
- Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes☆106Updated 2 years ago
- ☆36Updated 2 years ago
- ☆124Updated last year
- Lateral Movement via the .NET Profiler☆82Updated 6 months ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆123Updated 2 years ago
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.☆89Updated 11 months ago
- ☆128Updated last year
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated 2 years ago
- shell code example☆49Updated 2 weeks ago
- Identify and exploit leaked handles for local privilege escalation.☆108Updated last year