eversinc33 / Godmode
Tool for playing with Windows Access Token manipulation.
☆54Updated 2 years ago
Alternatives and similar repositories for Godmode:
Users that are interested in Godmode are comparing it to the libraries listed below
- I have documented all of the AMSI patches that I learned till now☆74Updated last year
- ☆116Updated last year
- Patch AMSI and ETW in remote process via direct syscall☆81Updated 2 years ago
- ☆62Updated 2 years ago
- Lateral Movement via the .NET Profiler☆80Updated 4 months ago
- Simple BOF to read the protection level of a process☆114Updated last year
- Just another ntdll unhooking using Parun's Fart technique☆74Updated 2 years ago
- ☆108Updated 4 months ago
- My implementation of Halo's Gate technique in C#☆54Updated 2 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆87Updated 2 years ago
- Sleep Obfuscation☆43Updated 2 years ago
- Implant drop-in for EDR testing☆135Updated last year
- ☆133Updated last year
- ☆98Updated last year
- A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints☆80Updated 2 months ago
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆83Updated 2 years ago
- Windows NTLM hash dump utility written in C language, that supports Windows and Linux. Hashes can be dumped in realtime or from already s…☆59Updated last year
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆118Updated 2 years ago
- Malware?☆69Updated 5 months ago
- ☆125Updated last year
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆39Updated last year
- Proof of Concept code and samples presenting emerging threat of MSI installer files.☆78Updated 2 years ago
- TypeLib persistence technique☆108Updated 5 months ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆42Updated last year
- A care package of useful bofs for red team engagments☆54Updated 3 months ago
- Identify and exploit leaked handles for local privilege escalation.☆106Updated last year
- ☆28Updated 7 months ago
- ☆123Updated 6 months ago
- ☆120Updated last year