ahron-chet / GuardBypassToolkit
A tool that bypasses Windows Defender by manually loading DLLs, parsing the Export Address Table (EAT) directly, and rewriting the Import Address Table (IAT) with unhooked function addresses, so that Mimikatz can run in memory. The project also includes an LSASS dumper that uses a callback function and memory manipulation to evade Windows Defender.
☆21 · Updated 10 months ago
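The description above names three steps: manual DLL loading, walking the Export Address Table directly, and rewriting the Import Address Table with clean addresses. As an added example that is not GuardBypassToolkit's own code, the C program below demonstrates the last two steps on a constructed, minimal PE32+ image built in a byte buffer, so it compiles and runs on any platform. `resolve_export_rva` walks the export directory the way the loader does (name table, then ordinal table, then function table) without calling GetProcAddress, and `patch_iat` writes the resolved addresses into an IAT-style array of 64-bit slots. The image layout, the export names (NtOpenProcess and NtReadVirtualMemory), the RVAs and the placeholder "hooked" slot values are all constructed for the example; in real use `base` would point at a freshly mapped, unhooked copy of the target DLL.

```c
/*
 * Added example (not GuardBypassToolkit code): walk a PE export directory
 * by hand to resolve an export's RVA, then write the resolved address into
 * an import-table slot. The PE image is a constructed, minimal PE32+ layout
 * in a static buffer so the code runs anywhere; real code would point `base`
 * at a mapped module (for example a clean copy of ntdll.dll).
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#pragma pack(push, 1)
typedef struct { uint16_t e_magic; uint8_t pad[58]; uint32_t e_lfanew; } DosHeader;
typedef struct { uint32_t VirtualAddress, Size; } DataDir;
typedef struct {
    uint32_t Signature;
    uint16_t Machine, NumberOfSections;
    uint32_t TimeDateStamp, PointerToSymbolTable, NumberOfSymbols;
    uint16_t SizeOfOptionalHeader, Characteristics;
    uint16_t Magic;              /* 0x20b = PE32+ */
    uint8_t  opt_rest[110];      /* rest of the optional header; DataDirectory is at +112 in PE32+ */
    DataDir  DataDirectory[16];  /* index 0 = export table */
} NtHeaders64;
typedef struct {
    uint32_t Characteristics, TimeDateStamp;
    uint16_t MajorVersion, MinorVersion;
    uint32_t Name, Base, NumberOfFunctions, NumberOfNames;
    uint32_t AddressOfFunctions, AddressOfNames, AddressOfNameOrdinals;
} ExportDirectory;
#pragma pack(pop)

/* Resolve an export by name with no GetProcAddress call: EAT walk only.
 * Returns the function RVA, or 0 if the name is absent or is a forwarder. */
uint32_t resolve_export_rva(const uint8_t *base, const char *name) {
    const DosHeader *dos = (const DosHeader *)base;
    if (dos->e_magic != 0x5A4D) return 0;                            /* "MZ" */
    const NtHeaders64 *nt = (const NtHeaders64 *)(base + dos->e_lfanew);
    if (nt->Signature != 0x00004550 || nt->Magic != 0x20b) return 0; /* "PE\0\0", PE32+ */
    DataDir ed = nt->DataDirectory[0];
    if (ed.VirtualAddress == 0) return 0;
    const ExportDirectory *exp = (const ExportDirectory *)(base + ed.VirtualAddress);
    const uint32_t *funcs = (const uint32_t *)(base + exp->AddressOfFunctions);
    const uint32_t *names = (const uint32_t *)(base + exp->AddressOfNames);
    const uint16_t *ords  = (const uint16_t *)(base + exp->AddressOfNameOrdinals);
    for (uint32_t i = 0; i < exp->NumberOfNames; i++) {
        if (strcmp((const char *)(base + names[i]), name) != 0) continue;
        uint16_t idx = ords[i];              /* name index -> ordinal table -> function table */
        if (idx >= exp->NumberOfFunctions) return 0;
        uint32_t rva = funcs[idx];
        /* An RVA inside the export directory is a forwarder string, not code. */
        if (rva >= ed.VirtualAddress && rva < ed.VirtualAddress + ed.Size) return 0;
        return rva;
    }
    return 0;
}

/* Overwrite IAT slots with addresses resolved from `clean_base`. Returns the
 * number of slots rewritten; unresolved names leave their slot untouched so
 * the caller can decide whether to abort. */
size_t patch_iat(const uint8_t *clean_base, const char **names, uint64_t *iat, size_t n) {
    size_t patched = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t rva = resolve_export_rva(clean_base, names[i]);
        if (rva == 0) continue;
        iat[i] = (uint64_t)(uintptr_t)(clean_base + rva);
        patched++;
    }
    return patched;
}

/* Constructed image: two named exports plus one ordinal-only export. */
static _Alignas(16) uint8_t g_image[0x2000];

const uint8_t *build_image(void) {
    memset(g_image, 0, sizeof g_image);
    DosHeader *dos = (DosHeader *)g_image;
    dos->e_magic = 0x5A4D; dos->e_lfanew = 0x80;
    NtHeaders64 *nt = (NtHeaders64 *)(g_image + 0x80);
    nt->Signature = 0x00004550; nt->Magic = 0x20b; nt->SizeOfOptionalHeader = 240;
    nt->DataDirectory[0].VirtualAddress = 0x200;
    nt->DataDirectory[0].Size = 0x120;       /* directory + tables + name strings */
    ExportDirectory *exp = (ExportDirectory *)(g_image + 0x200);
    exp->Base = 1; exp->NumberOfFunctions = 3; exp->NumberOfNames = 2;
    exp->AddressOfFunctions = 0x230; exp->AddressOfNames = 0x240; exp->AddressOfNameOrdinals = 0x250;
    uint32_t *funcs = (uint32_t *)(g_image + 0x230);
    funcs[0] = 0x1000; funcs[1] = 0x1040; funcs[2] = 0x1080;   /* ordinals 1, 2 (unnamed), 3 */
    uint32_t *names = (uint32_t *)(g_image + 0x240);
    uint16_t *ords  = (uint16_t *)(g_image + 0x250);
    names[0] = 0x260; ords[0] = 0;   /* "NtOpenProcess"       -> funcs[0] */
    names[1] = 0x270; ords[1] = 2;   /* "NtReadVirtualMemory" -> funcs[2] */
    strcpy((char *)g_image + 0x260, "NtOpenProcess");      /* name table is sorted, as in real PEs */
    strcpy((char *)g_image + 0x270, "NtReadVirtualMemory");
    return g_image;
}

int main(void) {
    const uint8_t *clean = build_image();
    const char *wanted[] = { "NtOpenProcess", "NtReadVirtualMemory", "NtNotExported" };
    uint64_t iat[3] = { 0xDEAD0000, 0xDEAD0001, 0xDEAD0002 };  /* placeholders standing in for hooked entries */
    size_t n = patch_iat(clean, wanted, iat, 3);
    printf("patched %zu of 3 slots\n", n);
    for (int i = 0; i < 3; i++)
        printf("  %-22s -> 0x%llx\n", wanted[i], (unsigned long long)iat[i]);
    return 0;
}
```

Two caveats a practitioner should keep in mind: the name table of a real module is sorted, so a binary search is the usual choice for large export sets, and forwarded exports (an RVA that lands inside the export directory) must be followed into the named module rather than treated as code; the example refuses them instead of resolving them.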
Alternatives and similar repositories for GuardBypassToolkit
Users interested in GuardBypassToolkit are comparing it to the repositories listed below.
- 👁️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python ☆44 · Updated last year
- ☆36 · Updated 2 years ago
- EmbedExeLnk by x86matthew modified by d4rkiZ ☆42 · Updated 2 years ago
- ☆23 · Updated 2 months ago
- Encode shellcode into dictionary words for evasion and entropy reduction ☆25 · Updated 6 months ago
- Shellcode Loader Utilizing ETW Events ☆63 · Updated 2 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials ☆28 · Updated this week
- A POC of a new "threadless" process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re… ☆23 · Updated last year
- converts sRDI compatible dlls to shellcode ☆29 · Updated 3 months ago
- Threadless shellcode injection tool ☆64 · Updated 9 months ago
- ☆97 · Updated 8 months ago
- Windows NTLM hash dump utility written in C language, that supports Windows and Linux. Hashes can be dumped in realtime or from already s… ☆62 · Updated last year
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials ☆35 · Updated this week
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW ☆84 · Updated 2 years ago
- This project is an EDRSandblast fork, adding some features and custom pieces of code. ☆22 · Updated last year
- Bypassing Amsi using LdrLoadDll ☆44 · Updated 4 months ago
- Execute dotnet app from unmanaged process ☆74 · Updated 4 months ago
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader ☆48 · Updated last year
- ☆30 · Updated 4 months ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking. ☆74 · Updated 9 months ago
- BypassCredGuard CS BOF ☆38 · Updated 3 months ago
- Cobalt Strike UDRL for memory scanner evasion. ☆51 · Updated last year
- Impersonate Tokens using only NTAPI functions ☆72 · Updated last month
- Improved version of EKKO by @5pider that Encrypts only Image Sections ☆119 · Updated 2 years ago
- stack spoofing ☆84 · Updated 5 months ago
- ☆40 · Updated last week
- In-memory sleep encryption and heap encryption for Go applications through a shellcode function. ☆39 · Updated last year
- ☆58 · Updated 3 months ago
- lsassdump via RtlCreateProcessReflection and NanoDump ☆82 · Updated 6 months ago
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level. ☆47 · Updated last year