A C#-implemented malware that dynamically modifies its own hash upon each execution to evade detection.
☆17Feb 3, 2025Updated last year
Alternatives and similar repositories for PolymorphicSignature
Users that are interested in PolymorphicSignature are comparing it to the libraries listed below
Sorting:
- An executable that simplifies adding the msds-AllowedToActOnBehalfOfOtherIdentity attribute for RBCD☆49Mar 10, 2025Updated last year
- This project is an EDRSandblast fork, adding some features and custom pieces of code.☆25Sep 29, 2023Updated 2 years ago
- Attack Active Directory Trusts with a single tool☆14Jan 15, 2025Updated last year
- A tool to assist DLL hijacking via the Havoc GUI☆13Jan 9, 2024Updated 2 years ago
- SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.☆75May 1, 2024Updated last year
- How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function.☆26Apr 21, 2025Updated 11 months ago
- A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader☆45Sep 25, 2024Updated last year
- Shellcode Loader Utilizing ETW Events☆66Feb 26, 2025Updated last year
- Docker container for running CobaltStrike 4.7 and above☆24Mar 20, 2025Updated last year
- string/file/shellcode encryptor using AES/XOR☆11Oct 15, 2023Updated 2 years ago
- ☆17May 22, 2024Updated last year
- ☆42Feb 18, 2025Updated last year
- use python on windows with full submodule support without installation☆30Jan 23, 2025Updated last year
- Port of Cobalt Strike's Process Inject Kit☆192Dec 1, 2024Updated last year
- Locate dlls and function addresses without PEB Walk and EAT parsing☆105Nov 7, 2025Updated 4 months ago
- A BOF to retrieve decryption keys for WhatsApp Desktop and a utility script to decrypt the databases.☆87Mar 2, 2025Updated last year
- ☆60Dec 15, 2023Updated 2 years ago
- BOF with Synthetic Stackframe☆233Oct 30, 2025Updated 4 months ago
- tsh多终端代理通信☆19Feb 26, 2025Updated last year
- Hunting and injecting RWX 'mockingjay' DLLs in pure nim☆60Dec 11, 2024Updated last year
- Help red teams find opsec processes during engagements☆42Dec 7, 2024Updated last year
- A lexer and parser for Sleep☆20Feb 20, 2026Updated last month
- SharpCoercer is a .NET 4.8 C# tool that leverages 16 different RPC-based coercion methods to force remote Windows hosts to authenticate t…☆56Jul 13, 2025Updated 8 months ago
- ☆13Mar 3, 2025Updated last year
- A Rust PoC implementation of the Early Bird process hollowing technique, inspired by https://github.com/boku7/HOLLOW.☆31Feb 7, 2025Updated last year
- Curated list of public Beacon Object Files(BOFs) build in as submodules for easy cloning☆138Dec 7, 2025Updated 3 months ago
- Proof of concepts demonstrating some aspects of the Windows kernel shadow stack mitigation.☆54Jun 2, 2025Updated 9 months ago
- ☆10Dec 8, 2022Updated 3 years ago
- ☆54Oct 13, 2025Updated 5 months ago
- Stack integrity verification to Detect SleepMask or CallStack Spoofer☆53Jul 13, 2025Updated 8 months ago
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆117Jan 20, 2025Updated last year
- Process Ghosting is a technique in which a process is created from a delete pending file. This means the created process is not backed by…☆16May 6, 2024Updated last year
- Mentally ill EtwTi parser☆69Jan 11, 2026Updated 2 months ago
- ☆159Dec 13, 2024Updated last year
- Mythic C2 Agent written in x64 PIC C☆84Jan 29, 2025Updated last year
- Use Rust to implement some Red Team techniques :)☆13Nov 11, 2024Updated last year
- demo unhooking functions in ntdll☆28Jul 15, 2025Updated 8 months ago
- early cascade injection PoC based on Outflanks blog post☆239Nov 7, 2024Updated last year
- Active Directory share enumeration tool☆12Apr 28, 2025Updated 10 months ago