ahron-chet / GuardBypassToolkit
A tool that bypasses Windows Defender by manually loading DLLs, parsing EAT directly, and updating IAT with unhooked functions to run Mimikatz in-memory. The project includes an LSASS dumper that uses a callback function and memory manipulations to bypass Windows Defender.
☆19 Updated 4 months ago
Related projects
Alternatives and complementary repositories for GuardBypassToolkit
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW ☆78 Updated last year
- ☆87 Updated 2 months ago
- TypeLib persistence technique ☆75 Updated last month
- Explorer Persistence technique: Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll, when … ☆77 Updated last year
- Encode shellcode into dictionary words for evasion and entropy reduction ☆19 Updated 2 weeks ago
- Alternative Shellcode Execution Via Callbacks in C# with P/Invoke ☆72 Updated last year
- UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now. ☆44 Updated 6 months ago
- ☆20 Updated 3 months ago
- ☆76 Updated last year
- In-memory sleep encryption and heap encryption for Go applications through a shellcode function. ☆39 Updated 10 months ago
- ☆118 Updated last year
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg ☆45 Updated 8 months ago
- Improved version of EKKO by @5pider that Encrypts only Image Sections ☆113 Updated last year
- 64-bit, position-independent reverse tcp shell, built in Rust for Windows. ☆44 Updated last month
- early cascade injection PoC based on Outflank's blog post, in Rust ☆48 Updated 2 weeks ago
- ☆59 Updated 5 months ago
- Tool for playing with Windows Access Token manipulation. ☆52 Updated last year
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe… ☆49 Updated 2 years ago
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader ☆84 Updated 8 months ago
- This project is an EDRSandblast fork, adding some features and custom pieces of code. ☆21 Updated last year
- DirSync is a simple proof of concept PowerShell module to demonstrate the impact of delegating DS-Replication-Get-Changes and DS-Replicat… ☆27 Updated last year
- Reasonably undetected shellcode stager and executer. ☆35 Updated 2 months ago
- Threadless shellcode injection tool ☆61 Updated 3 months ago
- C++ Staged Shellcode Loader with Evasion capabilities. ☆73 Updated last month
- Using LNK files and user input simulation to start processes under explorer.exe ☆23 Updated 2 months ago
- A C# port from Invoke-GhostTask ☆110 Updated 10 months ago
- I have documented all of the AMSI patches that I learned till now ☆68 Updated last year
- ☆62 Updated 9 months ago