Patchless AMSI + ETW bypass via PAGE_GUARD exceptions and Vectored Exception Handler (VEH)
☆16Mar 24, 2026Updated 3 months ago
Alternatives and similar repositories for amsi-pageguard-veh
Users that are interested in amsi-pageguard-veh are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- use python on windows with full submodule support without installation☆30Jan 23, 2025Updated last year
- ☆11Feb 12, 2023Updated 3 years ago
- Bypassing Amsi using LdrLoadDll☆48Jan 8, 2025Updated last year
- Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies☆50Jul 6, 2025Updated last year
- This repository will contain source codes from the Tradecraft improvement blog series☆14Mar 27, 2025Updated last year
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Launches a limited shell using PowerShell Runspaces with an optional AMSI Bypass. Does not invoke Powershell.exe☆13Dec 11, 2023Updated 2 years ago
- A tool for leveraging elevated acess over a computer to boot the computer into Windows Safe Mode, alter settings, and then boot back into…☆17Nov 6, 2021Updated 4 years ago
- A proof-of-concept to demonstrate randomized execution paths and their impact on call stack signatures — ideal for EDR testing, behavior-…☆24Jan 17, 2026Updated 5 months ago
- A C#-implemented malware that dynamically modifies its own hash upon each execution to evade detection.☆17Feb 3, 2025Updated last year
- Payload Generation Workflow☆41Jul 18, 2025Updated 11 months ago
- OneDrive, operating on Microsoft Windows 11 Pro is vulnerable to DLL hijacking.☆22Nov 9, 2023Updated 2 years ago
- A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loader☆46Sep 25, 2024Updated last year
- A compiled language for Windows position-independent x86-64 shellcode and Beacon Object Files.☆170Jun 28, 2026Updated 2 weeks ago
- Adaptix C2 agent using Crystal Palace PIC linker and PICO module system☆98Jun 7, 2026Updated last month
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Modular User-Defined Reflective Loader (UDRL) built on Crystal Palace for controlled DLL execution and evasion research.☆30Apr 14, 2026Updated 3 months ago
- A sleepmask based on Ekko that preserves unwind data at sleep time.☆54Mar 30, 2026Updated 3 months ago
- DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will auto…☆15Apr 2, 2026Updated 3 months ago
- An executable that simplifies adding the msds-AllowedToActOnBehalfOfOtherIdentity attribute for RBCD☆50Mar 10, 2025Updated last year
- demo unhooking functions in ntdll☆28Jul 15, 2025Updated 11 months ago
- Proxll is a tool designed to simplify the generation of proxy DLLs while addressing common conflicts related to windows.h☆41Oct 8, 2024Updated last year
- Advanced Domain Controller attack and credential analysis tool leveraging DonPAPI database☆267Nov 3, 2025Updated 8 months ago
- Set of PoC to abuse Windows minifilters functionality☆93May 1, 2026Updated 2 months ago
- A tool to assist DLL hijacking via the Havoc GUI☆14Jan 9, 2024Updated 2 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Blog/Journal on how to backdoor VSCode extensions☆81Feb 24, 2026Updated 4 months ago
- PowerShell scripts for alternative SharpHound enumeration, including users, groups, computers, and certificates, using the ActiveDirector…☆408Jan 14, 2026Updated 6 months ago
- Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible i…☆66Apr 2, 2025Updated last year
- RustyWater represents the main payload and the backbone of the entire adversarial operation in Static Kitten group attacks.☆96Updated this week
- ☆41Oct 16, 2025Updated 8 months ago
- Random BOFs for LDAP tradecraft☆73Sep 9, 2025Updated 10 months ago
- converts sRDI compatible dlls to shellcode☆39Jan 20, 2025Updated last year
- Proof-of-concept implementation of AI-enabled postex DLLs☆95Sep 10, 2025Updated 10 months ago
- a minimal, position-independent C shellcode framework for Windows x64. compiles entirely on Linux☆61Jun 13, 2026Updated last month
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Folder Or File Delete to Get System Shell on Current Session Desktop☆47Jan 14, 2025Updated last year
- BOF with Synthetic Stackframe☆255Oct 30, 2025Updated 8 months ago
- Locate dlls and function addresses without PEB Walk and EAT parsing☆109Nov 7, 2025Updated 8 months ago
- Evasive loader for .NET Framework assemblies☆44May 14, 2026Updated 2 months ago
- Indirect-Shellcode-Executor expoits the miss-configuration/vulnerability present on the API Windows method ReadProcessMemory discovered b…☆85Nov 15, 2025Updated 7 months ago
- Dump Teams conversations☆18Jun 9, 2021Updated 5 years ago
- tsh多终端代理通信☆21Feb 26, 2025Updated last year