ahron-chet / GuardBypassToolkit
A tool that bypasses Windows Defender by manually loading DLLs, parsing EAT directly, and updating IAT with unhooked functions to run Mimikatz in-memory. The project includes an LSASS dumper that uses a callback function and memory manipulations to bypass Windows Defender
☆16Updated 2 months ago
Related projects: ⓘ
- ☆56Updated 7 months ago
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…☆20Updated this week
- ☆18Updated last month
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆93Updated last year
- A simple PoC of injection shellcode into a remote process and get the output using namepipe☆36Updated 8 months ago
- ☆79Updated 2 weeks ago
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆76Updated last year
- This project is an EDRSandblast fork, adding some features and custom pieces of code.☆18Updated 11 months ago
- ☆33Updated last year
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆110Updated last year
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe…☆47Updated 2 years ago
- ProcExp Driver (Ab)use☆20Updated last year
- Modified versions of the Cobalt Strike Process Injection Kit☆85Updated 7 months ago
- ☆67Updated this week
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆55Updated last year
- A firebeam plugin that exploits the CVE-2024-26229 vulnerability to perform elevation of privilege from a unprivileged user☆30Updated last month
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆41Updated 6 months ago
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re…☆18Updated last year
- In-memory sleep encryption and heap encryption for Go applications through a shellcode function.☆39Updated 8 months ago
- Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when …☆65Updated last year
- A direct improvement to remote TLS Injection.☆15Updated 3 months ago
- EmbedExeLnk by x86matthew modified by d4rkiZ☆28Updated last year
- Various methods of executing shellcode☆67Updated last year
- I have documented all of the AMSI patches that I learned till now☆66Updated last year
- Alternative Shellcode Execution Via Callbacks in C# with P/Invoke☆74Updated last year
- A simple BOF (Beacon Object File) to search files in the system☆11Updated 9 months ago
- Command and Control☆23Updated last month
- Threadless shellcode injection tool☆56Updated last month
- Cobalt Strike Beacon Object File (BOF) that uses CredUIPromptForWindowsCredentials API to invoke credential prompt☆18Updated last year
- Beacon Object File to locate and suspend the threads hosting the Event Log service☆24Updated 2 years ago