ahron-chet / GuardBypassToolkit
A tool that bypasses Windows Defender by manually loading DLLs, parsing the EAT directly, and updating the IAT with unhooked functions to run Mimikatz in memory. The project includes an LSASS dumper that uses a callback function and memory manipulation to bypass Windows Defender.
☆20Updated 6 months ago
Alternatives and similar repositories for GuardBypassToolkit:
Users who are interested in GuardBypassToolkit are comparing it to the repositories listed below.
- TypeLib persistence technique☆102Updated 3 months ago
- Indirect NT syscalls LSASS dumper.☆40Updated last year
- ☆36Updated last year
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python☆42Updated 10 months ago
- Encode shellcode into dictionary words for evasion and entropy reduction☆23Updated 2 months ago
- Various methods of executing shellcode☆70Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆73Updated 5 months ago
- Shellcode loader☆74Updated 2 months ago
- UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now.☆45Updated 8 months ago
- ☆92Updated 4 months ago
- Threadless shellcode injection tool☆64Updated 5 months ago
- ☆19Updated 5 months ago
- ☆62Updated 11 months ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆60Updated 10 months ago
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆82Updated last year
- A firebeam plugin that exploits the CVE-2024-26229 vulnerability to perform elevation of privilege from an unprivileged user☆36Updated 5 months ago
- ☆120Updated last year
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.☆89Updated 10 months ago
- I have documented all of the AMSI patches that I have learned until now☆69Updated last year
- Exploiting the KsecDD Windows driver through Server Silos☆39Updated 2 months ago
- Early cascade injection PoC based on Outflank's blog post, in Rust☆50Updated 2 months ago
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆118Updated last year
- BOF with Synthetic Stackframe☆101Updated this week
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆36Updated last year
- lsassdump via RtlCreateProcessReflection and NanoDump☆77Updated 3 months ago
- Just another ntdll unhooking using Parun's Fart technique☆73Updated last year
- A cmkr based win32 shellcode template for a unified build platform and more production friendly structure/testing.☆65Updated 2 months ago
- Stack spoofing☆77Updated 2 months ago
- A 64-bit, position-independent code reverse TCP shell for Windows — built in Rust.☆52Updated 3 weeks ago