cbrnrd / maliketh
🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python
☆36Updated 6 months ago
Related projects: ⓘ
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆34Updated 9 months ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆55Updated last year
- Command and Control☆23Updated last month
- a demo module for the kaine agent to execute and inject assembly modules☆33Updated 3 weeks ago
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆41Updated 6 months ago
- Research into removing strings & API call references at compile-time (Anti-Analysis)☆22Updated 3 months ago
- A direct improvement to remote TLS Injection.☆15Updated 3 months ago
- Various methods of executing shellcode☆67Updated last year
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 2 years ago
- Reimplementation of the KExecDD DSE bypass technique.☆42Updated last week
- ☆18Updated last month
- In-memory hiding technique☆36Updated 3 months ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated last year
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆67Updated 7 months ago
- An initial proof of concept of a bootkit based on Cr4sh's DMABackdoorBoot☆56Updated last year
- Classic Process Injection with Memory Evasion Techniques implemantation☆64Updated 10 months ago
- Set the process mitigation policy for loading only Microsoft Modules , and block any userland 3rd party modules☆41Updated last year
- ☆33Updated last year
- Splitting and executing shellcode across multiple pages☆98Updated last year
- A firebeam plugin that exploits the CVE-2024-26229 vulnerability to perform elevation of privilege from a unprivileged user☆30Updated last month
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆52Updated last month
- havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets☆22Updated last month
- Windows AppLocker Driver (appid.sys) LPE☆30Updated last month
- Section-based payload obfuscation technique for x64☆59Updated last month
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆31Updated last year
- This project is an EDRSandblast fork, adding some features and custom pieces of code.☆18Updated 11 months ago
- API Hammering with C++20☆34Updated 2 years ago
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…☆20Updated this week
- Template-based generation of shellcode loaders☆63Updated 4 months ago
- ☆68Updated 3 weeks ago