aitorfirm / BlackIrisLinks
Thats it! An Open-Source Windows UEFI Rootkit
☆27Updated 2 months ago
Alternatives and similar repositories for BlackIris
Users that are interested in BlackIris are comparing it to the libraries listed below
Sorting:
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆30Updated 8 months ago
- A bunch of shenanigans using functions, VEH and more☆35Updated 4 months ago
- A powerful Windows UI monitoring and DNS exfiltration tool written in Rust, combining advanced UI event capture capabilities with secure …☆19Updated 7 months ago
- This project is an EDRSandblast fork, adding some features and custom pieces of code.☆23Updated 2 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆52Updated last year
- early cascade injection PoC based on Outflanks blog post, in rust☆60Updated 11 months ago
- ☆29Updated 8 months ago
- a demo module for the kaine agent to execute and inject assembly modules☆42Updated last year
- A way to maintain long-term access to Windows LAPS for lateral movement in AD via installing an Offensive LAPS RPC backdoor on a DC.☆27Updated 4 months ago
- A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …☆50Updated 8 months ago
- Post-Ex BOF tooling for Hannibal☆24Updated 10 months ago
- A work in progress BOF/COFF loader in Rust☆50Updated 2 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated 2 years ago
- One-header configurable C++20 COFF loader☆22Updated 2 months ago
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python☆45Updated last year
- ☆38Updated last month
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆62Updated last year
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆59Updated last year
- Proxy function calls through the thread pool with ease☆29Updated 7 months ago
- Remap ntdll.dll using only NTAPI functions with a suspended process☆26Updated 5 months ago
- Callstack spoofing using a VEH because VEH all the things.☆23Updated 6 months ago
- ☆43Updated 9 months ago
- Hooked create process injection for meterpreter☆23Updated 4 years ago
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆73Updated last month
- Section-based payload obfuscation technique for x64☆64Updated last year
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆38Updated 2 years ago
- Sleep Obfuscation☆45Updated 2 years ago
- ☆38Updated 5 months ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆68Updated last year
- Shellcode Loader Utilizing ETW Events☆65Updated 7 months ago