ahkeur / VEH2
A Patchless AMSI Bypass Technique using VEH²
(☆27, updated 2 months ago)
Alternatives and similar repositories for VEH2
Users interested in VEH2 are comparing it to the repositories listed below.
- A C# implementation of dumping credentials from Windows Credential Manager (☆60, updated last year)
- Remap ntdll.dll using only NTAPI functions with a suspended process (☆25, updated 4 months ago)
- Just another ntdll unhooking using Perun's Fart technique (☆75, updated 2 years ago)
- Modify managed functions from unmanaged code (☆52, updated last year)
- Early cascade injection PoC based on Outflank's blog post, in Rust (☆60, updated 9 months ago)
- Proxy function calls through the thread pool with ease (☆29, updated 6 months ago)
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich (☆17, updated last year)
- Your NTDLL vaccine from modern direct syscall methods. (☆35, updated 3 years ago)
- Miscellaneous code (☆35, updated last year)
- PowerShell script I wrote that can suspend an arbitrary process (with limits) (☆20, updated 2 years ago)
- BOF for C2 framework (☆43, updated 9 months ago)
- Post-Ex BOF tooling for Hannibal (☆24, updated 9 months ago)
- RunPE adapted for x64 and written in C, does not use RWX (☆27, updated last year)
- (no description) (☆28, updated 7 months ago)
- (no description) (☆11, updated 2 years ago)
- PoC to self-delete a binary in C# (☆34, updated last year)
- A bunch of shenanigans using functions, VEH and more (☆32, updated 2 months ago)
- A more reliable way of resolving syscall numbers in Windows (☆53, updated last year)
- Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies (☆38, updated last month)
- An improved version of 0xNinjaCyclone's EarlyCascade code (☆21, updated 6 months ago)
- (no description) (☆34, updated 5 months ago)
- Extension functionality for the NightHawk operator client (☆27, updated last year)
- API Hammering with C++20 (☆49, updated 3 years ago)
- .NET profiler DLL loading can be abused to make a legit .NET application load a malicious DLL using environment variables. This exploit i… (☆43, updated last year)
- 「⚙️」Detect which native Windows APIs (NtAPI) are being hooked (☆39, updated 8 months ago)
- (no description) (☆31, updated 8 months ago)
- A simple Linux in-memory .so loader (☆30, updated 2 years ago)
- (no description) (☆59, updated last year)
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve (☆78, updated last year)
- A simple PoC showcasing the ability of an admin to suspend an EDR's protected processes, making it useless (☆38, updated last year)