cjm00n / EvilSln

Related projects: ⓘ

• eversinc33 / Banshee
  Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.
  ☆475Updated 5 months ago
• redteamsocietegenerale / DLLirant
  DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.
  ☆468Updated last year
• reveng007 / DarkWidow
  Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
  ☆532Updated 3 weeks ago
• chompie1337 / Windows_LPE_AFD_CVE-2023-21768
  LPE exploit for CVE-2023-21768
  ☆473Updated last year
• NUL0x4C / AtomPePacker
  A Highly capable Pe Packer
  ☆676Updated last year
• Kudaes / Elevator
  UAC bypass by abusing RPC and debug objects.
  ☆598Updated 11 months ago
• varwara / CVE-2024-26229
  CWE-781: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
  ☆310Updated 2 months ago
• gatariee / gocheck
  Because AV evasion should be easy.
  ☆297Updated 2 months ago
• Maldev-Academy / EntropyReducer
  Reduce Entropy And Obfuscate Youre Payload With Serialized Linked Lists
  ☆365Updated last year
• tastypepperoni / PPLBlade
  Protected Process Dumper Tool
  ☆510Updated last year
• dobin / avred
  Analyse your malware to surgically obfuscate it
  ☆373Updated 11 months ago
• MalwareTech / EDR-Preloader
  An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
  ☆387Updated 7 months ago
• trickster0 / TartarusGate
  TartarusGate, Bypassing EDRs
  ☆519Updated 2 years ago
• 0xda568 / IconJector
  Unorthodox and stealthy way to inject a DLL into the explorer using icons
  ☆289Updated 2 months ago
• Maldev-Academy / Christmas
  ☆242Updated 8 months ago
• Krypteria / AtlasLdr
  Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls
  ☆344Updated 8 months ago
• zer0condition / mhydeath
  Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.
  ☆373Updated last year
• deepinstinct / Dirty-Vanity
  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
  ☆612Updated last year
• Maldev-Academy / HellHall
  Performing Indirect Clean Syscalls
  ☆451Updated last year
• icyguider / UAC-BOF-Bonanza
  Collection of UAC Bypass Techniques Weaponized as BOFs
  ☆380Updated 7 months ago
• XaFF-XaFF / Black-Angel-Rootkit
  Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
  ☆606Updated 10 months ago
• SaadAhla / Shellcode-Hide
  This repo contains : simple shellcode Loader , Encoders (base64 - custom - UUID - IPv4 - MAC), Encryptors (AES), Fileless Loader (Winhttp…
  ☆397Updated last year
• Offensive-Panda / RWX_MEMEORY_HUNT_AND_INJECTION_DV
  Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
  ☆227Updated 3 months ago
• Helixo32 / CrimsonEDR
  Simulate the behavior of AV/EDR for malware development training.
  ☆443Updated 7 months ago
• ZeroMemoryEx / Terminator
  Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes
  ☆905Updated last year
• frkngksl / Shoggoth
  Shoggoth: Asmjit Based Polymorphic Encryptor
  ☆655Updated 5 months ago
• vxCrypt0r / Voidgate
  A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…
  ☆439Updated 3 months ago
• Dec0ne / HWSyscalls
  HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
  ☆597Updated last year
• matro7sh / myph
  shellcode loader for your evasion needs
  ☆257Updated 3 months ago
• S3cur3Th1sSh1t / Caro-Kann
  Encrypted shellcode Injection to avoid Kernel triggered memory scans
  ☆332Updated last year