ahron-chet / GuardBypassToolkit
A tool that bypasses Windows Defender by manually loading DLLs, parsing the EAT directly, and updating the IAT with unhooked functions to run Mimikatz in-memory. The project includes an LSASS dumper that uses a callback function and memory manipulations to bypass Windows Defender.
★ 21 · Updated 11 months ago
Alternatives and similar repositories for GuardBypassToolkit
Users that are interested in GuardBypassToolkit are comparing it to the libraries listed below
- Converts sRDI-compatible DLLs to shellcode · ★ 29 · Updated 5 months ago
- 🛡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python · ★ 45 · Updated last year
- ★ 36 · Updated 2 years ago
- ★ 32 · Updated 6 months ago
- EmbedExeLnk by x86matthew, modified by d4rkiZ · ★ 42 · Updated 2 years ago
- Code snippets to add on top of the Cobalt Strike sleep mask to achieve patchless hooks on AMSI and ETW · ★ 84 · Updated 2 years ago
- Simple PoC to locate functions hooked by EDR in ntdll.dll · ★ 37 · Updated last year
- Threadless shellcode injection tool · ★ 65 · Updated 10 months ago
- Encode shellcode into dictionary words for evasion and entropy reduction · ★ 26 · Updated 7 months ago
- A POC of a new "threadless" process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re… · ★ 25 · Updated last year
- ★ 27 · Updated 5 months ago
- This project is an EDRSandblast fork, adding some features and custom pieces of code. · ★ 23 · Updated last year
- Attempting to hook LSASS APIs to retrieve plaintext credentials · ★ 52 · Updated last month
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE. · ★ 61 · Updated last year
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader · ★ 50 · Updated last year
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries · ★ 30 · Updated 4 months ago
- Cobalt Strike UDRL for memory scanner evasion. · ★ 52 · Updated last year
- Shellcode loader utilizing ETW events · ★ 63 · Updated 4 months ago
- Attempting to hook LSASS APIs to retrieve plaintext credentials · ★ 48 · Updated last month
- A PoC of stack encryption prior to custom sleeping by leveraging CPU cycles. · ★ 64 · Updated 2 years ago
- ★ 23 · Updated 4 months ago
- Various methods of executing shellcode · ★ 70 · Updated 2 years ago
- "D3MPSEC" is a memory dumping tool designed to extract a memory dump from the Lsass process using various techniques, including direct system c… · ★ 24 · Updated 9 months ago
- Less sugar (entropy) for your binaries · ★ 25 · Updated 3 months ago
- ★ 38 · Updated 2 weeks ago
- Section-based payload obfuscation technique for x64 · ★ 61 · Updated 10 months ago
- Bypassing AMSI using LdrLoadDll · ★ 44 · Updated 5 months ago
- Windows NTLM hash dump utility written in the C language that supports Windows and Linux. Hashes can be dumped in real time or from already s… · ★ 63 · Updated last year
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1. · ★ 82 · Updated 4 months ago
- Linker for Beacon Object Files · ★ 116 · Updated this week