ahron-chet / GuardBypassToolkit
A tool that bypasses Windows Defender by manually loading DLLs, parsing EAT directly, and updating IAT with unhooked functions to run Mimikatz in-memory. The project includes an LSASS dumper that uses a callback function and memory manipulations to bypass Windows Defender.
☆21 · Jul 14, 2024 · Updated last year
Alternatives and similar repositories for GuardBypassToolkit
Users that are interested in GuardBypassToolkit are comparing it to the libraries listed below
- ☆38 · Oct 16, 2025 · Updated 3 months ago
- Windows Active Directory Pentesting documentation. ☆19 · Jun 14, 2024 · Updated last year
- Modern PIC implant for Windows (64 & 32 bit) ☆105 · Jul 23, 2025 · Updated 6 months ago
- Daily updated malware indicator lists from TR-CERT (USOM), including parsed malicious URLs, IPs, and domains. ☆15 · Updated this week
- Repository to gather the BOF files I will be developing ☆11 · Oct 1, 2024 · Updated last year
- Collection of different rootkit functionality, each driver representing a different rootkit component ☆12 · May 27, 2025 · Updated 8 months ago
- ☆18 · Jul 4, 2019 · Updated 6 years ago
- A small set of Beacon Object Files (BOFs) that I developed over the time with a Magic: The Gathering theme. ☆16 · Jul 15, 2025 · Updated 6 months ago
- This exploit is utilising AddressOfEntryPoint of process which is RX and using WriteProcessMemory internal magic to change the permission… ☆18 · Oct 31, 2024 · Updated last year
- EDR/AV Simulation for Malware Development ☆13 · Oct 21, 2023 · Updated 2 years ago
- Modifies machine.config for persistence after installing signed .NET assembly onto GAC ☆13 · Mar 17, 2022 · Updated 3 years ago
- Reproducing the SkeletonKey malware. ☆11 · Apr 6, 2024 · Updated last year
- Just another repository for malware development ☆13 · May 12, 2024 · Updated last year
- ☆14 · Aug 22, 2022 · Updated 3 years ago
- Shellcode Loader Utilizing ETW Events ☆67 · Feb 26, 2025 · Updated 11 months ago
- This repository contains Loadable Kernel Modules (LKM) and LD_PRELOAD-based modules designed for penetration testing, red teaming, and se… ☆13 · Feb 15, 2025 · Updated 11 months ago
- That's it! An Open-Source Windows UEFI Rootkit ☆28 · Jul 19, 2025 · Updated 6 months ago
- Tutorial covering how to discover DLLs for Hijacking and how to create proxy DLLs using Microsoft Teams as an example ☆16 · Apr 7, 2021 · Updated 4 years ago
- Virtual machines that are set up with a variety of known vulnerabilities. ☆17 · Mar 1, 2022 · Updated 3 years ago
- Obfuscate payloads using IPv4, IPv6, MAC or UUID strings ☆22 · Feb 17, 2024 · Updated last year
- Охотник (Hunter) is a simple Adversary Simulation tool developed to achieve stealth through API unhooking, direct and indirect syscalls… ☆91 · Apr 23, 2025 · Updated 9 months ago
- C library that is intended for providing methods for executing and injecting code. ☆17 · Aug 14, 2024 · Updated last year
- Automate Windows Defender STIG to 100% Compliance ☆19 · Jul 26, 2024 · Updated last year
- Improved version of EKKO by @5pider that Encrypts only Image Sections ☆125 · Feb 13, 2023 · Updated 3 years ago
- One-header configurable C++20 COFF loader ☆21 · Jul 21, 2025 · Updated 6 months ago
- DLL injection through code page ID modification in registry. Based on jonas lykk research ☆17 · Jun 18, 2022 · Updated 3 years ago
- A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader ☆45 · Sep 25, 2024 · Updated last year
- Load the evilDLL from socket connection without touching disk ☆15 · Aug 27, 2021 · Updated 4 years ago
- Load Encrypted DLL Using LoadLibraryA, Keep The DLL Encrypted on disk all the time and decrypt it only in memory. ☆23 · Sep 5, 2021 · Updated 4 years ago
- Proof of Concept example for abusing Process Hacker 2 (v2.39.124) ☆23 · Oct 30, 2024 · Updated last year
- Malicious URLs and IP Addresses compiled by USOM (Computer Emergency Response Team of Turkey), updated once a day. ☆20 · Feb 7, 2026 · Updated last week
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity) ☆51 · May 8, 2024 · Updated last year
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections ☆166 · May 17, 2023 · Updated 2 years ago
- CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution ☆51 · Apr 22, 2024 · Updated last year
- Manage Your Large Team of Consultants ☆11 · Sep 18, 2025 · Updated 4 months ago
- Modify managed functions from unmanaged code ☆53 · Feb 1, 2024 · Updated 2 years ago
- Cortex EDR Ransomware protection Bypass ☆25 · Feb 8, 2025 · Updated last year
- A DKOM rootkit that targets Windows x64 systems. The rootkit hooks and edits critical memory sections in order to hide different resources… ☆18 · Jul 5, 2023 · Updated 2 years ago
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders … ☆103 · Mar 27, 2025 · Updated 10 months ago