cod3nym / Ghosting-AMSILinks
Ghosting-AMSI
☆18Updated 5 months ago
Alternatives and similar repositories for Ghosting-AMSI
Users that are interested in Ghosting-AMSI are comparing it to the libraries listed below
Sorting:
- ☆31Updated last year
- Bypasses AMSI protection through remote memory patching and parsing technique.☆50Updated 5 months ago
- FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…☆30Updated 6 months ago
- ☆80Updated last year
- A more reliable way of resolving syscall numbers in Windows☆52Updated last year
- Linux Sleep Obfuscation☆105Updated last year
- ☆77Updated last year
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆61Updated last year
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve☆78Updated last year
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆41Updated 2 years ago
- ☆38Updated 6 months ago
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆76Updated 2 months ago
- macOS dylib stager☆36Updated 9 months ago
- ☆37Updated 2 years ago
- A work in progress BOF/COFF loader in Rust☆50Updated 2 years ago
- Unpacker for donut shellcode☆17Updated 5 years ago
- An example of COM hijacking using a proxy DLL.☆41Updated 4 years ago
- various methods of making API calls☆19Updated 8 months ago
- ☆47Updated 2 years ago
- A bunch of shenanigans using functions, VEH and more☆36Updated 4 months ago
- ☆58Updated last year
- Blog/Journal on how to backdoor VSCode extensions☆74Updated 3 months ago
- From C, Rust or Zig to binary shellcode compiler based on Mingw gcc. It allows using Win32 APIs and standard libraries without any change…☆49Updated last month
- Payload Obfuscation for Red Teams workshop materials☆64Updated this week
- ☆60Updated 6 months ago
- A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …☆50Updated 9 months ago
- Demoting PPL anti-malware services to less than a guest user☆63Updated 9 months ago
- BYOVD collection☆23Updated last year
- Find DLLs with RWX section☆80Updated 2 years ago
- ☆61Updated last year