benheise / TitanLdr
Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH
☆44Updated 3 years ago
Related projects: ⓘ
- Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping☆45Updated last year
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆34Updated 9 months ago
- ☆97Updated last year
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆31Updated last year
- Artemis - C++ Hell's Gate Syscall Implementation☆31Updated last year
- ☆33Updated last year
- API Hammering with C++20☆34Updated 2 years ago
- Get your data from the resource section manually, with no need for windows apis☆52Updated last year
- Halos Gate-based NTAPI Unhooker☆49Updated 2 years ago
- Bypass UAC elevation on Windows 8 (build 9600) & above.☆53Updated 2 years ago
- ☆68Updated this week
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated last year
- Patch AMSI and ETW in remote process via direct syscall☆78Updated 2 years ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆32Updated 8 months ago
- Reimplementation of the KExecDD DSE bypass technique.☆42Updated last week
- ☆58Updated this week
- ☆12Updated last year
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆93Updated last year
- a library that automates some clean syscalls to make it easier to implement☆80Updated last year
- Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used☆92Updated 3 years ago
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆41Updated 6 months ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆14Updated last year
- This is my own implementation of the Perun's Fart technique by Sektor7☆64Updated 2 years ago
- Beacon Object File allowing creation of Beacons in different sessions.☆73Updated 2 years ago
- Set the process mitigation policy for loading only Microsoft Modules , and block any userland 3rd party modules☆41Updated last year
- ☆36Updated 3 years ago
- ☆87Updated this week
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆79Updated last year
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 2 years ago
- ☆100Updated this week