boku7 / DarkWidow
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + API resolving from TIB + API hashing
☆14 Updated last year
Alternatives and similar repositories for DarkWidow:
Users that are interested in DarkWidow are comparing it to the libraries listed below
- Terms of Use Conditional Access M365 Evilginx Phishlet ☆32 Updated last week
- Rewrite to fit my needs ☆27 Updated 9 months ago
- Proxy function calls through the thread pool with ease ☆25 Updated last month
- Example of using Sleep to create better named pipes. ☆41 Updated last year
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing. ☆36 Updated last week
- ☆43 Updated 2 weeks ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes, making it useless ☆38 Updated 9 months ago
- Sniffing files generator ☆54 Updated 2 months ago
- Cobalt Strike UDRL for memory scanner evasion. ☆50 Updated last year
- Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible i… ☆20 Updated 3 weeks ago
- Rust template/library for implementing your own COFF loader ☆50 Updated 3 months ago
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries ☆26 Updated 2 months ago
- HTML smuggling is not an evil, it can be useful ☆13 Updated 2 years ago
- Parser and reconciliation tooling for large Active Directory environments. ☆33 Updated 2 months ago
- A C# project that builds a Web Application which redirects all HTTPS ☆24 Updated 2 months ago
- BOF for C2 framework ☆41 Updated 5 months ago
- Post-Ex BOF tooling for Hannibal ☆20 Updated 5 months ago
- ☆48 Updated last year
- string/file/shellcode encryptor using AES/XOR ☆11 Updated last year
- SOCKS5 over WebSockets and HTTP ☆17 Updated last week
- A python script that automates a C2 Profile build ☆40 Updated last month
- in-process powershell runner for BRC4 ☆45 Updated last year
- Creation and removal of Defender path exclusions and exceptions in C#. ☆31 Updated last year
- SharpExShell automates the DCOM lateral movement technique which abuses ActivateMicrosoftApp method of Excel application. ☆70 Updated 11 months ago
- ☆26 Updated 2 months ago
- Click Once + App Domain ☆61 Updated last year
- Tool to obtain hash using MS-SNTP for user accounts ☆21 Updated 3 months ago
- Internal Monologue BOF ☆16 Updated 3 months ago
- DFSCoerce exe revisited version with custom authentication ☆39 Updated last year
- PoC XLL builder in Python/Nim ☆46 Updated 2 years ago