dr4k0nia / NixImports
A .NET malware loader, using API-Hashing to evade static analysis
☆208, updated 2 years ago
Alternatives and similar repositories for NixImports
Users that are interested in NixImports are comparing it to the libraries listed below
- Remote Shellcode Injector ☆217, updated last year
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (… ☆170, updated 2 years ago
- miscellaneous scripts and programs ☆245, updated 5 months ago
- Generate Shellcode Loaders & Injects ☆156, updated 2 years ago
- Generic PE loader for fast prototyping evasion techniques ☆233, updated 11 months ago
- Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs ☆298, updated 2 years ago
- C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub. ☆106, updated 2 years ago
- CaveCarver - PE backdooring tool which utilizes and automates code cave technique ☆226, updated 2 years ago
- .NET assembly loader with patchless AMSI and ETW bypass ☆334, updated 2 years ago
- Patch AMSI and ETW ☆240, updated last year
- Dynamically invoke arbitrary unmanaged code from managed code without P/Invoke. ☆161, updated last year
- different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless) ☆194, updated last year
- Bypass LSA protection using the BYODLL technique ☆163, updated 9 months ago
- Exploitation of echo_driver.sys ☆170, updated last year
- An App Domain Manager Injection DLL PoC on steroids ☆173, updated last year
- POC for frustrating/defeating Malware Analysts ☆154, updated 3 years ago
- Beacon Object File Loader ☆287, updated last year
- Exploitation of process killer drivers ☆201, updated last year
- reflectively load and execute PEs locally and remotely bypassing EDR hooks ☆155, updated last year
- Patching AmsiOpenSession by forcing an error branching ☆146, updated last year
- EDRSandblast-GodFault ☆266, updated last year
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak ☆205, updated 2 years ago
- CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject… ☆233, updated 2 years ago
- ☆257, updated last year
- Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids) ☆142, updated last year
- The code is a pingback to the Dark Vortex blog: ☆177, updated 2 years ago
- Slides & Code snippets for a workshop held @ x33fcon 2024 ☆260, updated last year
- ☆71, updated last year
- Hide your P/Invoke signatures through other people's signed assemblies ☆211, updated last year
- ☆186, updated last year