daem0nc0re / VectorKernel

Related projects: ⓘ

• Dec0ne / DllNotificationInjection
  A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re…
  ☆431Updated last year
• trickster0 / TartarusGate
  TartarusGate, Bypassing EDRs
  ☆519Updated 2 years ago
• gabriellandau / PPLFault
  ☆500Updated 6 months ago
• janoglezcampos / llvm-yx-callobfuscator
  LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
  ☆247Updated 8 months ago
• iilegacyyii / ThreadlessInject-BOF
  BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a…
  ☆363Updated 8 months ago
• rainerzufalldererste / windows_x64_shellcode_template
  An easily modifiable shellcode template for Windows x64 written in C
  ☆191Updated last year
• eversinc33 / Banshee
  Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.
  ☆475Updated 5 months ago
• MalwareTech / EDR-Preloader
  An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
  ☆387Updated 7 months ago
• pard0p / CallstackSpoofingPOC
  C++ self-Injecting dropper based on various EDR evasion techniques.
  ☆320Updated 7 months ago
• NUL0x4C / KnownDllUnhook
  Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs
  ☆286Updated last year
• hasherezade / thread_namecalling
  Process Injection using Thread Name
  ☆228Updated 2 weeks ago
• Dec0ne / HWSyscalls
  HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
  ☆597Updated last year
• Cracked5pider / Ekko
  Sleep Obfuscation
  ☆661Updated 9 months ago
• Offensive-Panda / RWX_MEMEORY_HUNT_AND_INJECTION_DV
  Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
  ☆227Updated 3 months ago
• kleiton0x00 / Proxy-DLL-Loads
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆320Updated 3 months ago
• c0de90e7 / GhostWriting
  GhostWriting Injection Technique.
  ☆162Updated 6 years ago
• floesen / KExecDD
  Admin to Kernel code execution using the KSecDD driver
  ☆232Updated 5 months ago
• Maldev-Academy / HellHall
  Performing Indirect Clean Syscalls
  ☆451Updated last year
• RtlDallas / Jomungand
  ☆238Updated this week
• zer0condition / mhydeath
  Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.
  ☆373Updated last year
• S3cur3Th1sSh1t / Caro-Kann
  Encrypted shellcode Injection to avoid Kernel triggered memory scans
  ☆332Updated last year
• ElliotKillick / LdrLockLiberator
  For when DLLMain is the only way
  ☆340Updated 4 months ago
• WithSecureLabs / CallStackSpoofer
  A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
  ☆415Updated 2 years ago
• Maldev-Academy / EntropyReducer
  Reduce Entropy And Obfuscate Youre Payload With Serialized Linked Lists
  ☆365Updated last year
• klezVirus / DriverJack
  Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
  ☆272Updated last month
• RtlDallas / KrakenMask
  ☆204Updated this week
• Maldev-Academy / Christmas
  ☆242Updated 7 months ago
• fortra / No-Consolation
  A BOF that runs unmanaged PEs inline
  ☆520Updated this week
• deepinstinct / Dirty-Vanity
  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
  ☆612Updated last year
• CognisysGroup / HadesLdr
  Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
  ☆282Updated last year