ZeroMemoryEx / Overlord
abusing Process Hacker driver to terminate other processes (BYOVD)
☆81 Updated last year
Alternatives and similar repositories for Overlord:
Users that are interested in Overlord are comparing it to the libraries listed below
- Sleep Obfuscation ☆42 Updated 2 years ago
- ☆46 Updated 2 years ago
- I have documented all of the AMSI patches that I learned till now ☆68 Updated last year
- Beacon Object File allowing creation of Beacons in different sessions. ☆78 Updated 2 years ago
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge … ☆172 Updated last year
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature ☆96 Updated last year
- Tool for playing with Windows Access Token manipulation. ☆53 Updated 2 years ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol… ☆70 Updated 11 months ago
- DLL Exports Extraction BOF with optional NTFS transactions. ☆80 Updated 3 years ago
- Improved version of EKKO by @5pider that Encrypts only Image Sections ☆117 Updated last year
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE. ☆38 Updated last year
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption ☆80 Updated last year
- ☆36 Updated last year
- RDLL for Cobalt Strike beacon to silence sysmon process ☆87 Updated 2 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows. ☆132 Updated 2 years ago
- ☆73 Updated last year
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW ☆82 Updated last year
- ☆111 Updated last year
- Patch AMSI and ETW in remote process via direct syscall ☆80 Updated 2 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space ☆122 Updated 2 years ago
- API Hammering with C++20 ☆42 Updated 2 years ago
- Do some DLL SideLoading magic ☆76 Updated last year
- ☆109 Updated 2 years ago