dr4k0nia / Origami

Related projects ⓘ

Alternatives and complementary repositories for Origami

• dr4k0nia / XorStringsNET
  Easy XOR string encryption for NET based binaries
  ☆132Updated last year
• CCob / MinHook.NET
  A C# port of the MinHook API hooking library
  ☆201Updated 2 years ago
• dr4k0nia / Unscrambler
  Universal unpacker and fixer for a number of modded ConfuserEx protections
  ☆99Updated 4 years ago
• dr4k0nia / MurkyStrings
  A string obfuscator for .NET apps, built to evade static string analysis.
  ☆100Updated last year
• MahmoudZohdy / Process-Injection-Techniques
  Various Process Injection Techniques
  ☆143Updated 2 years ago
• Dewera / Pluto
  A manual system call library that supports functions from both ntdll.dll and win32u.dll
  ☆107Updated last year
• adamhlt / Process-Hollowing
  Process Hollowing in C++ (x86 / x64) - Process PE image replacement
  ☆127Updated last year
• wireless90 / ProcessInjector.NET
  Learning Process Injection and Hollowing techniques
  ☆40Updated 2 years ago
• Washi1337 / AwaitFuscator
  Transforms a .NET binary into a chain of meaningless-looking await expressions.
  ☆61Updated 5 months ago
• Washi1337 / ProxyObjects
  A Proof-of-Concept implementation for Proxy Object Obfuscation in .NET
  ☆45Updated last year
• GetRektBoy724 / DCMB
  Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!
  ☆224Updated 4 months ago
• zer0condition / ZeroThreadKernel
  Recursive and arbitrary code execution at kernel-level without a system thread creation
  ☆154Updated last year
• SamuelTulach / RwxMeme
  State of the art DLL injector that took 20 minutes to make
  ☆207Updated last year
• dr4k0nia / Simple-Costura-Decompressor
  Simple tool to extract and decompress embedded resources processed by Fody Costura
  ☆63Updated 4 months ago
• Charterino / AsStrongAsFuck
  A console obfuscator for .NET assemblies.
  ☆302Updated 2 years ago
• NtRaiseHardError / NINA
  NINA: No Injection, No Allocation x64 Process Injection Technique
  ☆196Updated 4 years ago
• thesecretclub / SandboxBootkit
  Bootkit for Windows Sandbox to disable DSE/PatchGuard.
  ☆261Updated last month
• Oliver-1-1 / GhostMapper
  ☆225Updated 2 months ago
• etormadiv / HostingCLR
  Executing a .NET Assembly from C++ in Memory (CLR Hosting)
  ☆186Updated 8 years ago
• SaadAhla / StackCrypt
  Create a new thread that will suspend every thread and encrypt its stack, then going to sleep , then decrypt the stacks and resume thread…
  ☆156Updated last year
• nbs32k / inline-syscall
  Inline syscalls made for MSVC supporting x64 and WOW64
  ☆175Updated last year
• LloydLabs / ntqueueapcthreadex-ntdll-gadget-injection
  This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …
  ☆231Updated last year
• knight0x07 / BumbleCrypt
  A Bumblebee-inspired Crypter
  ☆80Updated last year
• dr4k0nia / NixImports
  A .NET malware loader, using API-Hashing to evade static analysis
  ☆204Updated last year
• KiFilterFiberContext / warbird-hook
  Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
  ☆239Updated 2 years ago
• WithSecureLabs / CallStackSpoofer
  A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
  ☆431Updated 2 years ago
• enkomio / ManagedInjector
  A C# DLL injection library
  ☆210Updated 3 years ago
• ZeroMemoryEx / Handle-Ripper
  simple Windows handle hijacker with a nod to Apxaey for inspiration
  ☆201Updated last year
• schellingb / DLLFromMemory-net
  C# library to load a native DLL from memory without the need to allow unsafe code
  ☆88Updated 5 years ago
• alfarom256 / CVE-2022-3699
  Lenovo Diagnostics Driver EoP - Arbitrary R/W
  ☆169Updated last year