A Patchless AMSI Bypass Technique using VEH²
☆30Jun 22, 2025Updated 8 months ago
Alternatives and similar repositories for VEH2
Users that are interested in VEH2 are comparing it to the libraries listed below
Sorting:
- Command-line tool for discovering SaaS platforms a company uses via DNS enumeration☆38Jul 23, 2025Updated 7 months ago
- Post-Ex BOF tooling for Hannibal☆24Nov 20, 2024Updated last year
- Detect BypassUAC using AMSI☆29Feb 18, 2025Updated last year
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow☆18Jun 26, 2025Updated 8 months ago
- Attack Active Directory Trusts with a single tool☆14Jan 15, 2025Updated last year
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…☆15Apr 21, 2025Updated 10 months ago
- call gates as stable comunication channel for NT x86 and Linux x86_64☆32Aug 11, 2023Updated 2 years ago
- ☆21Jan 8, 2026Updated last month
- Some stuff for PHD2021☆14May 21, 2025Updated 9 months ago
- PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified …☆19May 8, 2025Updated 9 months ago
- Remotely dump NT hashes through Windows Crash dumps☆33Oct 29, 2024Updated last year
- Locate dlls and function addresses without PEB Walk and EAT parsing☆105Nov 7, 2025Updated 3 months ago
- Modified version of Pypykatz to print encrypted credentials☆56Dec 26, 2022Updated 3 years ago
- A tool to enumerate and download files from the System Center Configuration Manager (SCCM) SMB share (SCCMContentLib)☆16Jul 27, 2024Updated last year
- ☆57Aug 28, 2023Updated 2 years ago
- converts sRDI compatible dlls to shellcode☆35Jan 20, 2025Updated last year
- Reports and POCs for CVE 2024-43570 and CVE-2024-43535☆29Jun 7, 2025Updated 8 months ago
- Repository for dirty scripts and PoCs☆20Feb 18, 2025Updated last year
- A .NET implementation to dump SAM, SYSTEM, SECURITY registry hives from a remote host☆41Dec 8, 2023Updated 2 years ago
- Executes Read/Write process memory with `NtQueryCompositionSurfaceStatistics`☆23Feb 10, 2024Updated 2 years ago
- One-header configurable C++20 COFF loader☆21Jul 21, 2025Updated 7 months ago
- A PowerShell malware that disables all the Windows Security features with UAC Bypass and Anti-VM features. (Designed to work both as a po…☆47May 24, 2025Updated 9 months ago
- Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor☆21Jul 4, 2024Updated last year
- a demo module for the kaine agent to execute and inject assembly modules☆41Aug 28, 2024Updated last year
- Bypasses AMSI protection through remote memory patching and parsing technique.☆54May 12, 2025Updated 9 months ago
- GenZ Shellcode Generator to execute commands with winExec API☆22Apr 27, 2025Updated 10 months ago
- Source files for my posts☆17Jun 20, 2023Updated 2 years ago
- Lateral Movement via the .NET Profiler☆100Nov 21, 2024Updated last year
- PandaCrypter is a C#-based tool designed to convert PowerShell scripts into obfuscated batch files (.bat) with encryption and additional …☆46Aug 16, 2025Updated 6 months ago
- Docker container for running CobaltStrike 4.7 and above☆24Mar 20, 2025Updated 11 months ago
- Fixes the "Device\Nal is already in use" error on kdmapper.☆19Jan 9, 2023Updated 3 years ago
- Yet another shellcode loader - but a sneaky one☆25Apr 16, 2025Updated 10 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆61May 12, 2025Updated 9 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆54May 12, 2025Updated 9 months ago
- Modern security products (CrowdStrike, Bitdefender, SentinelOne, etc.) hook the nLoadImage function inside clr.dll to intercept and scan …☆206Dec 8, 2025Updated 2 months ago
- .NET port of Leron Gray's azbelt tool.☆26Sep 21, 2023Updated 2 years ago
- A lightweight (<3MB) Discord RAT & Stealer written in Go.☆14Dec 17, 2025Updated 2 months ago
- A C DLL that can control powershell☆51Dec 13, 2019Updated 6 years ago
- A python tool to parse and describe the contents of a raw ntSecurityDescriptor structure.☆28Aug 18, 2025Updated 6 months ago