.NET assembly loader with patching AMSI and ETW bypass
☆31Apr 16, 2025Updated 10 months ago
Alternatives and similar repositories for PatchedCLRLoader
Users that are interested in PatchedCLRLoader are comparing it to the libraries listed below
Sorting:
- .NET assembly loader with patchless AMSI and ETW bypass in Rust☆58Oct 9, 2024Updated last year
- A bunch of shenanigans using functions, VEH and more☆37Jun 8, 2025Updated 8 months ago
- This is a VxLAN PoC code for Talks: From Spoofing to Tunneling: New Red Team's Networking Techniques for Initial Access and Evasion☆28Jul 21, 2025Updated 7 months ago
- Lsass dumper evading (all ?) EDR detection☆49Nov 10, 2025Updated 3 months ago
- kernel callback removal (Bypassing EDR Detections)☆211Nov 14, 2025Updated 3 months ago
- Cobalt Strike BOF for evasive .NET assembly execution☆308Mar 31, 2025Updated 11 months ago
- ☆26Aug 11, 2025Updated 6 months ago
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆79Aug 25, 2025Updated 6 months ago
- Random BOFs for LDAP tradecraft☆74Sep 9, 2025Updated 5 months ago
- Docker container for running CobaltStrike 4.7 and above☆24Mar 20, 2025Updated 11 months ago
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…☆28Sep 18, 2024Updated last year
- modified mssqlclient from impacket to extract policies from the SCCM database☆44Feb 24, 2026Updated last week
- My projects to understand malware development and detection. Use responsibly. I'm not responsible if you cause unauthorised damage to any…☆110Jun 16, 2025Updated 8 months ago
- This exploit use PEB walk technique to resolve API calls dynamically, obfuscate all API calls to perform process injection.☆26Jul 26, 2024Updated last year
- Permanently disable EDRs as local admin☆127Dec 19, 2025Updated 2 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆298Jul 31, 2024Updated last year
- Gain insights into COM/DCOM implementations that may be vulnerable using an automated approach and make it easy to visualize the data. By…☆157Nov 23, 2025Updated 3 months ago
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.☆38Aug 5, 2025Updated 7 months ago
- Shellcode capable of bypassing EAF / IAF mitigations☆28Apr 11, 2023Updated 2 years ago
- A Rust port of LayeredSyscall — performs indirect syscalls while generating legitimate API call stack frames by abusing VEH.☆164Oct 31, 2024Updated last year
- Tamper Active Directory user attributes to collect their hashes with MS-SNTP☆64Jan 21, 2025Updated last year
- Encrypt any C# binary or bin file☆12Aug 1, 2024Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆84Aug 13, 2024Updated last year
- A PoC for Early Cascade process injection technique.☆211Jan 30, 2025Updated last year
- Indirect Syscall with TartarusGate Approach in Go☆135Jul 8, 2025Updated 7 months ago
- Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies☆50Jul 6, 2025Updated 7 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆61May 12, 2025Updated 9 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆54May 12, 2025Updated 9 months ago
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆266Apr 8, 2025Updated 10 months ago
- Use Rust to implement some Red Team techniques :)☆13Nov 11, 2024Updated last year
- DEFCON 33 Workshop - Open Source Malware 101 - Everything you always wanted to know about npm malware (and more)☆15Aug 8, 2025Updated 6 months ago
- Certipy in Docker☆13Mar 28, 2024Updated last year
- PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified …☆19May 8, 2025Updated 9 months ago
- Research project showcasing various malware evasion techniques used to bypass AVs and EDRs, continuously updated with new methods.☆38Jan 8, 2025Updated last year
- NSecSoftBYOVD POC☆57Feb 12, 2026Updated 3 weeks ago
- ☆54Oct 13, 2025Updated 4 months ago
- Locate dlls and function addresses without PEB Walk and EAT parsing☆104Nov 7, 2025Updated 3 months ago
- A tool to abuse weak permissions of Active Directory Discretionary Access Control Lists (DACLs) and Access Control Entries (ACEs)☆61Feb 4, 2026Updated last month
- Early cascade injection PoC based on Outflanks blog post written in Rust☆68Dec 26, 2025Updated 2 months ago