deepinstinct / ContainYourself
A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.
☆300Updated last year
Related projects ⓘ
Alternatives and complementary repositories for ContainYourself
- Open Source C&C Specification☆219Updated 3 weeks ago
- Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST☆167Updated last month
- Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection☆247Updated 5 months ago
- EDRSandblast-GodFault☆240Updated last year
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆190Updated 4 months ago
- ☆293Updated last year
- Slides & Code snippets for a workshop held @ x33fcon 2024☆236Updated 4 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆324Updated 5 months ago
- Tools for analyzing EDR agents☆208Updated 4 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆135Updated last week
- Kill AV/EDR leveraging BYOVD attack☆307Updated last year
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course☆171Updated last year
- ☆293Updated last week
- Extracting NetNTLM without touching lsass.exe☆223Updated 11 months ago
- Native Syscalls Shellcode Injector☆260Updated last year
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!☆317Updated 3 months ago
- ☆243Updated 9 months ago
- Lateral Movement Using DCOM and DLL Hijacking☆279Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆205Updated last month
- ☆309Updated last year
- ☆265Updated last year
- Generate an obfuscated DLL that will disable AMSI & ETW☆313Updated 3 months ago
- Encrypted shellcode Injection to avoid Kernel triggered memory scans☆339Updated last year
- Exploitation of process killer drivers☆186Updated last year
- ☆181Updated 9 months ago
- Evasive shellcode loader☆234Updated 3 weeks ago
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆264Updated 3 months ago
- Dump lsass using only NTAPIS running 3 programs to create 3 JSON and 1 ZIP file... and generate the Minidump later!☆350Updated last month
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.☆168Updated 10 months ago
- Patch AMSI and ETW☆230Updated 6 months ago