brosck / L1LKillerLinks
「⚠️」Performing a BYOVD on the truesight.sys driver
☆44Updated 10 months ago
Alternatives and similar repositories for L1LKiller
Users that are interested in L1LKiller are comparing it to the libraries listed below
Sorting:
- Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks☆123Updated 9 months ago
- Generate an Alphabetical Polymorphic Shellcode☆116Updated last month
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.☆92Updated last year
- A BOF to retrieve decryption keys for WhatsApp Desktop and a utility script to decrypt the databases.☆79Updated 7 months ago
- Dynamic shellcode loader with sophisticated evasion capabilities☆80Updated this week
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆189Updated 8 months ago
- A Mythic agent for Windows written in C☆136Updated 3 weeks ago
- Windows NTLM hash dump utility written in C language, that supports Windows and Linux. Hashes can be dumped in realtime or from already s…☆66Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆84Updated last year
- Remote DLL Injection with Timer-based Shellcode Execution☆143Updated 2 months ago
- ☆50Updated 3 months ago
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity)☆52Updated last year
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆126Updated last year
- A small How-To on creating your own weaponized WSL file☆115Updated 2 months ago
- DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.☆98Updated 2 years ago
- Create Anti-Copy DRM Malware☆65Updated last year
- Stage 0☆164Updated 9 months ago
- Impersonate Tokens using only NTAPI functions☆80Updated 6 months ago
- ☆136Updated last month
- Basic interactive Windows kernel offensive toolkit written in C☆131Updated 2 weeks ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆59Updated 4 months ago
- Remotely Enumerate sessions using undocumented Windows Station APIs☆119Updated last year
- Classic Process Injection with Memory Evasion Techniques implemantation☆72Updated last year
- ☆109Updated 7 months ago
- Охотник (Hunter) is a simple Adversary Simulation tool developed for achieves stealth through API unhooking, direct and indirect syscalls…☆89Updated 5 months ago
- Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options☆142Updated 6 months ago
- Just another C2 Redirector using CloudFlare. Support multiple C2 and multiple domains. Support for websocket listener.☆173Updated 6 months ago
- ☆122Updated last year
- lsassdump via RtlCreateProcessReflection and NanoDump☆83Updated 11 months ago
- Bypass the Event Trace Windows(ETW) and unhook ntdll.☆113Updated 2 years ago