expl0itabl3 / MalDevSnippets

Related projects: ⓘ

• ORCA666 / KCTHIJACK
  ☆43Updated this week
• hackerhouse-opensource / envschtasksuacbypass
  Bypass UAC elevation on Windows 8 (build 9600) & above.
  ☆53Updated 2 years ago
• GetRektBoy724 / SyscallShuffler
  Your NTDLL vaccine from modern direct syscall methods.
  ☆35Updated 2 years ago
• ethereal-vx / Persistence
  Recreating and reviewing the Windows persistence methods
  ☆39Updated 2 years ago
• waldo-irc / JYang
  ☆14Updated 2 years ago
• mobdk / Sigma
  Execute shellcode with ZwCreateSection, ZwMapViewOfSection, ZwOpenProcess, ZwMapViewOfSection and ZwCreateThreadEx
  ☆14Updated 3 years ago
• D1rkMtr / sysPPIDspoofing
  ☆24Updated this week
• GetRektBoy724 / Breaking-Detecting-Direct-Syscall-Techniques
  A repository filled with ideas to break/detect direct syscall techniques
  ☆26Updated 2 years ago
• passthehashbrowns / suspendedunhook
  ☆36Updated 3 years ago
• SolomonSklash / COM-Hijacking
  An example of COM hijacking using a proxy DLL.
  ☆20Updated 3 years ago
• crummie5 / Freshycalls_PoC
  A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯
  ☆39Updated 3 years ago
• paranoidninja / DotNetTracer
  C code to enable ETW tracing for Dotnet Assemblies
  ☆28Updated 2 years ago
• dosxuz / PerunsFart
  This is my own implementation of the Perun's Fart technique by Sektor7
  ☆64Updated 2 years ago
• deepinstinct / VSTO-POC
  A proof-of-concept created for academic/learning purposes, demonstrating both local and remote use of VSTO "Add-In's" maliciously
  ☆23Updated last year
• APTortellini / DoH-Stager
  ☆12Updated 2 years ago
• florylsk / AmsiBypass123
  ☆12Updated last year
• rad9800 / BloatedHammer
  API Hammering with C++20
  ☆34Updated 2 years ago
• NUL0x4C / W0wS3cur1tyEDR
  ☆50Updated this week
• JetP1ane / Artemis
  Artemis - C++ Hell's Gate Syscall Implementation
  ☆31Updated last year
• inb1ts / birdnet-poc
  Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
  ☆37Updated last year
• mgeeky / unhook-bof
  Remove API hooks from a Beacon process.
  ☆12Updated 3 years ago
• GetRektBoy724 / SharpLoadLibrary
  An attempt to make a LoadLibrary designed for offensive operations, in C# obviously.
  ☆53Updated 2 years ago
• Allevon412 / BreadManModuleStomping
  ☆38Updated 11 months ago
• Ap3x / COFF-Loader
  A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader
  ☆34Updated 9 months ago
• zimawhit3 / DynimicGhostWriting
  Windows x64 Process Injection via Ghostwriting with Dynamic Configuration
  ☆27Updated 2 years ago
• CodeXTF2 / evasion-adventures-files
  Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"
  ☆22Updated last year
• xalicex / Unhook-Import-Address-Table
  Piece of code to detect and remove hooks in IAT
  ☆51Updated 2 years ago
• S4R1N / TotallyNotAStager
  ☆15Updated this week
• dis0rder0x00 / CanYouCTheThief
  A C implementation of the Sektor7 "A Thief" Windows privesc technique.
  ☆59Updated 2 years ago
• mobdk / Upsilon
  Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
  ☆92Updated 3 years ago