dr4k0nia / XorStringsNET

Related projects ⓘ

Alternatives and complementary repositories for XorStringsNET

• dr4k0nia / MurkyStrings
  A string obfuscator for .NET apps, built to evade static string analysis.
  ☆100Updated last year
• dr4k0nia / Origami
  Packer compressing .net assemblies, (ab)using the PE format for data storage
  ☆160Updated last year
• dr4k0nia / NixImports
  A .NET malware loader, using API-Hashing to evade static analysis
  ☆203Updated last year
• SaadAhla / StackCrypt
  Create a new thread that will suspend every thread and encrypt its stack, then going to sleep , then decrypt the stacks and resume thread…
  ☆154Updated last year
• SECFORCE / SharpASM
  SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections a…
  ☆57Updated 2 years ago
• floesen / KExecDD
  Admin to Kernel code execution using the KSecDD driver
  ☆237Updated 6 months ago
• mrexodia / lolbin-poc
  Small PoC of using a Microsoft signed executable as a lolbin.
  ☆132Updated last year
• xpn / NautilusProject
  A collection of weird ways to execute unmanaged code in .NET
  ☆158Updated 3 years ago
• LloydLabs / ntqueueapcthreadex-ntdll-gadget-injection
  This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …
  ☆231Updated last year
• knight0x07 / BumbleCrypt
  A Bumblebee-inspired Crypter
  ☆80Updated last year
• LloydLabs / process-enumeration-stealth
  ☆76Updated 2 months ago
• YOLOP0wn / EchoDrv
  Exploitation of echo_driver.sys
  ☆166Updated last year
• rbmm / NtDetours
  Detours implementation (x64/x86) which used only ntdll import
  ☆88Updated 4 months ago
• y11en / FOLIAGE
  Experiment on reproducing Obfuscate & Sleep
  ☆138Updated 3 years ago
• Dump-GUY / sc2pe
  Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE
  ☆64Updated last year
• realoriginal / angryorchard
  A kernel vulnerability used to achieve arbitrary read-write on Windows prior to July 2022
  ☆105Updated last year
• uf0o / windows-ps-callbacks-experiments
  Files for http://blog.deniable.org/posts/windows-callbacks/
  ☆67Updated 2 years ago
• wireless90 / ProcessInjector.NET
  Learning Process Injection and Hollowing techniques
  ☆39Updated 2 years ago
• xenoscr / manual-syscall-detect
  A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.
  ☆104Updated 2 years ago
• RedTeamOperations / VEH-PoC
  ☆105Updated last year
• rad9800 / misc
  miscellaneous scripts and programs
  ☆214Updated last year
• EvanMcBroom / perfect-loader
  Load a dynamic library from memory by modifying the native Windows loader
  ☆202Updated last year
• ZeroMemoryEx / Handle-Ripper
  simple Windows handle hijacker with a nod to Apxaey for inspiration
  ☆200Updated last year
• NUL0x4C / KnownDllUnhook
  Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs
  ☆287Updated 2 years ago
• KiFilterFiberContext / warbird-hook
  Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
  ☆236Updated 2 years ago
• alfarom256 / CVE-2022-3699
  Lenovo Diagnostics Driver EoP - Arbitrary R/W
  ☆169Updated last year
• fortra / hw-call-stack
  Use hardware breakpoints to spoof the call stack for both syscalls and API calls
  ☆181Updated 5 months ago
• trickster0 / LdrLoadDll-Unhooking
  LdrLoadDll Unhooking
  ☆120Updated 2 years ago
• iilegacyyii / ExportDumper
  A small tool I made to dump the export table of PE files. The primary use case was intended for use within DLL proxying.
  ☆68Updated 2 years ago
• tasox / CSharp_Process_Injection
  ☆63Updated 8 months ago