florylsk / SignatureGate
Weaponized HellsGate/SigFlip
☆199Updated last year
Alternatives and similar repositories for SignatureGate:
Users that are interested in SignatureGate are comparing it to the libraries listed below
- .NET assembly loader with patchless AMSI and ETW bypass☆328Updated last year
- Execute shellcode files with rundll32☆199Updated last year
- Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.☆221Updated 2 years ago
- CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking☆226Updated last year
- Lateral Movement Using DCOM and DLL Hijacking☆289Updated last year
- Extracting NetNTLM without touching lsass.exe☆234Updated last year
- ☆155Updated 2 years ago
- Patching AmsiOpenSession by forcing an error branching☆145Updated last year
- Generic PE loader for fast prototyping evasion techniques☆230Updated 9 months ago
- Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE☆204Updated last year
- Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime☆304Updated last year
- ☆224Updated 11 months ago
- Source generator to add D/Invoke and indirect syscall methods to a C# project.☆177Updated last year
- ☆151Updated last year
- An App Domain Manager Injection DLL PoC on steroids☆169Updated last year
- Port of Cobalt Strike's Process Inject Kit☆171Updated 4 months ago
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.☆185Updated last year
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)☆188Updated last year
- CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…☆229Updated 2 years ago
- My implementation of the GIUDA project in C++☆180Updated last year
- A tool for converting SysWhispers3 syscalls for use with Nim projects☆146Updated 2 years ago
- Patch AMSI and ETW☆236Updated 11 months ago
- Execute shellcode from a remote-hosted bin file using Winhttp.☆233Updated last year
- ☆180Updated last year
- A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.☆319Updated 2 years ago
- A basic emulation of an "RPC Backdoor"☆239Updated 2 years ago
- reflectively load and execute PEs locally and remotely bypassing EDR hooks☆150Updated last year
- Generate Shellcode Loaders & Injects☆155Updated last year
- Credential Guard Bypass Via Patching Wdigest Memory☆321Updated 2 years ago
- A BOF to determine Windows Defender exclusions.☆245Updated last year