Terminate AV/EDR leveraging BYOVD attack
☆104 | Mar 21, 2025 | Updated 11 months ago
Alternatives and similar repositories for SharpBlackout
Users that are interested in SharpBlackout are comparing it to the libraries listed below
- Shellcode Loader Implementing Indirect Dynamic Syscall, API Hashing, Fileless Shellcode retrieving using Winsock2 | ☆293 | Jul 15, 2023 | Updated 2 years ago
- Remote Shellcode Injector | ☆220 | Aug 27, 2023 | Updated 2 years ago
- CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking | ☆285 | Jun 8, 2023 | Updated 2 years ago
- ☆109 | Feb 17, 2025 | Updated last year
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal… | ☆65 | Aug 23, 2023 | Updated 2 years ago
- Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre) | ☆261 | Jun 29, 2024 | Updated last year
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles. | ☆66 | May 2, 2023 | Updated 2 years ago
- A C# port from Invoke-GhostTask | ☆120 | Jan 5, 2024 | Updated 2 years ago
- Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly | ☆117 | Sep 30, 2024 | Updated last year
- ☆101 | Oct 7, 2023 | Updated 2 years ago
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks. | ☆204 | Dec 27, 2023 | Updated 2 years ago
- RunPE implementation with multiple evasive techniques (1) | ☆382 | Sep 22, 2023 | Updated 2 years ago
- Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog … | ☆86 | Nov 8, 2023 | Updated 2 years ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … | ☆298 | Jul 31, 2024 | Updated last year
- This lightweight C# demo application showcases interactive remote shell access via named pipes and the SMB protocol. | ☆122 | Feb 21, 2025 | Updated last year
- A BOF to determine Windows Defender exclusions. | ☆253 | Jun 25, 2023 | Updated 2 years ago
- ☆125 | Jun 28, 2023 | Updated 2 years ago
- Evasive Golang Loader | ☆137 | Jul 27, 2024 | Updated last year
- Alternative Shellcode Execution Via Callbacks in C# with P/Invoke | ☆85 | Feb 26, 2023 | Updated 3 years ago
- Load a dynamic library from memory by modifying the native Windows loader | ☆286 | Jun 18, 2025 | Updated 8 months ago
- Python module for running BOFs | ☆80 | Nov 28, 2025 | Updated 3 months ago
- A small tool I made to dump the export table of PE files. The primary use case was intended for use within DLL proxying. | ☆71 | Aug 16, 2022 | Updated 3 years ago
- 「💀」Proof of concept on BYOVD attack | ☆166 | Dec 7, 2024 | Updated last year
- ☆234 | Oct 8, 2024 | Updated last year
- ☆83 | Nov 1, 2023 | Updated 2 years ago
- Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege | ☆225 | Nov 23, 2023 | Updated 2 years ago
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry | ☆458 | Aug 2, 2024 | Updated last year
- ☆162 | Mar 27, 2023 | Updated 2 years ago
- My implementation of the GIUDA project in C++ | ☆189 | Jul 25, 2023 | Updated 2 years ago
- Terminate AV/EDR Processes using kernel driver | ☆352 | Jun 12, 2023 | Updated 2 years ago
- Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint. | ☆277 | Apr 17, 2023 | Updated 2 years ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs. | ☆318 | Aug 31, 2023 | Updated 2 years ago
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique | ☆158 | Nov 7, 2023 | Updated 2 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files. | ☆90 | Dec 15, 2022 | Updated 3 years ago
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub. | ☆325 | Apr 12, 2024 | Updated last year
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone… | ☆215 | Oct 19, 2024 | Updated last year
- Section-based payload obfuscation technique for x64 | ☆64 | Aug 8, 2024 | Updated last year
- ☆341 | Nov 10, 2025 | Updated 3 months ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section | ☆148 | Dec 16, 2023 | Updated 2 years ago