dr4k0nia / Origami
Packer compressing .net assemblies, (ab)using the PE format for data storage
☆173Updated 2 years ago
Alternatives and similar repositories for Origami:
Users that are interested in Origami are comparing it to the libraries listed below
- Easy XOR string encryption for NET based binaries☆137Updated last year
- A manual system call library that supports functions from both ntdll.dll and win32u.dll☆109Updated last year
- A string obfuscator for .NET apps, built to evade static string analysis.☆102Updated 2 years ago
- A Proof-of-Concept implementation for Proxy Object Obfuscation in .NET☆47Updated 2 years ago
- Learning Process Injection and Hollowing techniques☆41Updated 2 years ago
- user-mode Rootkit☆104Updated 2 years ago
- Universal unpacker and fixer for a number of modded ConfuserEx protections☆105Updated 4 years ago
- A C# port of the MinHook API hooking library☆210Updated 3 years ago
- DotNet Obfuscator/Packer☆101Updated 4 years ago
- Hide malware behind a legit process C#☆118Updated 5 years ago
- A Bumblebee-inspired Crypter☆80Updated 2 years ago
- Fud Runpe Av Evasion / All Av Bypass☆32Updated 2 years ago
- Injecting shellcode into a process memory and executing it in C#☆54Updated 2 years ago
- Create a new thread that will suspend every thread and encrypt its stack, then going to sleep , then decrypt the stacks and resume thread…☆159Updated last year
- Exploit MsIo vulnerable driver☆94Updated 3 years ago
- Various Process Injection Techniques☆148Updated 2 years ago
- State of the art DLL injector that took 20 minutes to make☆211Updated last year
- Executing a .NET Assembly from C++ in Memory (CLR Hosting)☆190Updated 8 years ago
- A .NET malware loader, using API-Hashing to evade static analysis☆208Updated last year
- ConfuserEx unpacking tools☆181Updated 2 years ago
- Dump .net assembly from a native loader which uses ClrCreateinstance☆54Updated 2 years ago
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆109Updated 3 years ago
- Simple tool to extract and decompress embedded resources processed by Fody Costura☆67Updated 8 months ago
- Nasha is a Virtual Machine for .NET files and its runtime was made in C++/CLI☆79Updated 3 years ago
- Inline syscalls made for MSVC supporting x64 and WOW64☆178Updated last year
- Process Hollowing in C++ (x86 / x64) - Process PE image replacement☆141Updated last year
- vulnerability in zam64.sys, zam32.sys allowing ring 0 code execution. CVE-2021-31727 and CVE-2021-31728 public reference.☆91Updated 3 years ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code☆203Updated 3 years ago
- Transforms a .NET binary into a chain of meaningless-looking await expressions.☆69Updated 3 months ago
- Detours implementation (x64/x86) which used only ntdll import☆90Updated 9 months ago