coleak2021 / vehsyscall
vehsyscall:a syscall project that may bypass EDR
☆54Updated last year
Alternatives and similar repositories for vehsyscall:
Users that are interested in vehsyscall are comparing it to the libraries listed below
- more conveniently Visual-Studio-BOF-template☆62Updated last year
- Efficient RAT signature locator for bypassing AV/EDR, supporting static scanning and memory scanning.☆33Updated 4 months ago
- Self Cleanup in post-ex job☆49Updated 6 months ago
- Binary Hollowing☆71Updated 6 months ago
- ☆26Updated last year
- ☆40Updated last year
- shellcode生成框架☆84Updated 8 months ago
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆42Updated 10 months ago
- 自定义函数堆栈,从而绕过ETW检测,这个是完整版。☆13Updated 11 months ago
- Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…☆42Updated 2 years ago
- Shellcode Reductio Entropy Tools☆64Updated last year
- Silently Install Chrome Extension For Persistence☆49Updated 8 months ago
- Beacon compiled using clang☆63Updated 2 years ago
- 免杀计划任务进行权限维持,过主流杀软。 A schtask tool bypass anti-virus☆67Updated 2 years ago
- CobaltStrike4.5 Sleeve解密文件,搬砖加一点点修改, 仅作备份使用.☆31Updated 2 years ago
- A packer which adds encrypted shell to protect your PE file☆19Updated 4 months ago
- Delete file regardless of whether the handle is used via SetFileInformationByHandle☆42Updated last year
- ☆91Updated 3 years ago
- Help red teams find opsec processes during engagements☆36Updated 3 months ago
- kill AV/EDR☆22Updated last year
- Use COM Component Bypass UAC,Dll Version☆33Updated 3 years ago
- ☆31Updated last year
- ☆46Updated 11 months ago
- BOF implementation of delete self poc that delete a locked executable or a currently running file from disk by its pid, path, or the curr…☆71Updated last year
- A Blind EDR Project for Educational Purposes☆26Updated 2 months ago
- hey!这里用来存放公众号中使用的代码☆8Updated 8 months ago
- Execute Remote Assembly with args passing and with AMSI and ETW patching .☆32Updated 2 years ago
- Bypass EDR Create TaskServers☆36Updated 2 years ago
- command execute without 445 port☆53Updated 3 years ago
- Amaterasu terminates, or inhibits, protected processes such as application control and AV/EDR solutions by leveraging the Sysinternals Pr…☆71Updated last year