ahron-chet / GuardBypassToolkit
A tool that bypasses Windows Defender by manually loading DLLs, parsing EAT directly, and updating IAT with unhooked functions to run Mimikatz in-memory. The project includes an LSASS dumper that uses a callback function and memory manipulations to bypass Windows Defender
☆20Updated 8 months ago
Alternatives and similar repositories for GuardBypassToolkit:
Users that are interested in GuardBypassToolkit are comparing it to the libraries listed below
- ☆36Updated 2 years ago
- ☆53Updated 2 months ago
- EmbedExeLnk by x86matthew modified by d4rkiZ☆37Updated last year
- Execute dotnet app from unmanaged process☆71Updated 3 months ago
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python☆44Updated last year
- TypeLib persistence technique☆108Updated 5 months ago
- ☆95Updated 6 months ago
- converts sRDI compatible dlls to shellcode☆22Updated 2 months ago
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆46Updated last year
- Threadless shellcode injection tool☆62Updated 7 months ago
- ☆27Updated 3 months ago
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆83Updated 2 years ago
- Bypassing Amsi using LdrLoadDll☆43Updated 2 months ago
- Various methods of executing shellcode☆69Updated 2 years ago
- Shellcode Loader Utilizing ETW Events☆60Updated last month
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆62Updated last year
- Encode shellcode into dictionary words for evasion and entropy reduction☆25Updated 4 months ago
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re…☆22Updated last year
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆36Updated last year
- GPOAnalyzer is a tool designed to assist in parsing domain Group Policy Object (GPO) files located in the SYSVOL directory.☆25Updated 9 months ago
- stack spoofing☆80Updated 4 months ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆61Updated last year
- ☆21Updated last month
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆68Updated last year
- Exploiting the KsecDD Windows driver through Server Silos☆50Updated 4 months ago
- lsassdump via RtlCreateProcessReflection and NanoDump☆79Updated 5 months ago
- Section-based payload obfuscation technique for x64☆59Updated 7 months ago
- Threadless injection via TLS callbacks☆16Updated 4 months ago
- This project is an EDRSandblast fork, adding some features and custom pieces of code.☆22Updated last year
- Shellcode loader☆77Updated 4 months ago