frkngksl / Huan

Related projects: ⓘ

• aaaddress1 / PR0CESS
  some gadgets about windows process and ready to use :)
  ☆570Updated 11 months ago
• hasherezade / transacted_hollowing
  Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
  ☆516Updated 6 months ago
• mgeeky / ThreadStackSpoofer
  Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation fr…
  ☆1,020Updated 2 years ago
• mgeeky / ShellcodeFluctuation
  An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting…
  ☆913Updated 2 years ago
• xuanxuan0 / DripLoader
  Evasive shellcode loader for bypassing event-based injection detection (PoC)
  ☆701Updated 3 years ago
• hlldz / RefleXXion
  RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …
  ☆478Updated 2 years ago
• Cerbersec / Ares
  Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique
  ☆324Updated 2 years ago
• Cracked5pider / KaynLdr
  KaynLdr is a Reflective Loader written in C/ASM
  ☆514Updated 9 months ago
• thefLink / RecycledGate
  Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll
  ☆439Updated 2 years ago
• hasherezade / process_ghosting
  Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…
  ☆627Updated 6 months ago
• netero1010 / ServiceMove-BOF
  New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.
  ☆279Updated 2 years ago
• rad9800 / TamperingSyscalls
  ☆451Updated 2 years ago
• med0x2e / SigFlip
  SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature…
  ☆1,047Updated last year
• monoxgas / Koppeling
  Adaptive DLL hijacking / dynamic export forwarding
  ☆720Updated 4 years ago
• ORCA666 / Cobalt-Wipe
  ☆273Updated this week
• RedCursorSecurityConsulting / PPLKiller
  Tool to bypass LSA Protection (aka Protected Process Light)
  ☆878Updated last year
• am0nsec / HellsGate
  Original C Implementation of the Hell's Gate VX Technique
  ☆934Updated 3 years ago
• boku7 / BokuLoader
  A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
  ☆1,241Updated 9 months ago
• trustedsec / COFFLoader
  ☆457Updated last week
• joshfaust / Alaris
  A protective and Low Level Shellcode Loader that defeats modern EDR systems.
  ☆884Updated 6 months ago
• hasherezade / process_overwriting
  Yet another variant of Process Hollowing
  ☆349Updated 6 months ago
• Cracked5pider / Stardust
  A modern 64-bit position independent implant template
  ☆999Updated 4 months ago
• forrest-orr / phantom-dll-hollower-poc
  Phantom DLL hollowing PoC
  ☆349Updated 2 years ago
• NUL0x4C / AtomPePacker
  A Highly capable Pe Packer
  ☆676Updated last year
• med0x2e / ExecuteAssembly
  Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…
  ☆536Updated 3 years ago
• itm4n / PPLdump
  Dump the memory of a PPL with a userland exploit
  ☆839Updated 2 years ago
• snovvcrash / DInjector
  ☆408Updated this week
• Mr-Un1k0d3r / RedTeamCCode
  Red Team C code repo
  ☆509Updated 10 months ago
• LloydLabs / delete-self-poc
  A way to delete a locked file, or current running executable, on disk.
  ☆488Updated last month
• CCob / SharpBlock
  A method of bypassing EDR's active projection DLL's by preventing entry point exection
  ☆1,094Updated 3 years ago