gatariee / ldrgen
Template-based generation of shellcode loaders
☆63 Updated 4 months ago
Related projects:
- ☆94 Updated 11 months ago
- Rusty Hell's Gate / Halo's Gate / Tartarus' Gate / FreshyCalls / Syswhispers2 Library ☆25 Updated last year
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge … ☆151 Updated last year
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar ☆106 Updated last month
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption. ☆76 Updated 3 months ago
- ☆58 Updated 3 months ago
- Splitting and executing shellcode across multiple pages ☆98 Updated last year
- An improved memory obfuscation primitive using a combination of special and 'normal' Asynchronous Procedural Calls ☆99 Updated this week
- Section-based payload obfuscation technique for x64 ☆59 Updated last month
- ☆67 Updated this week
- Patch AMSI and ETW in remote process via direct syscall ☆78 Updated 2 years ago
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader ☆75 Updated 6 months ago
- Threadless shellcode injection tool ☆56 Updated last month
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM". ☆74 Updated last year
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE. ☆32 Updated 8 months ago
- A set of programs for analyzing common vulnerabilities in COM ☆94 Updated last week
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution ☆31 Updated 2 months ago
- ☆132 Updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆145 Updated last month
- ☆113 Updated 11 months ago
- ☆101 Updated 4 months ago
- ☆33 Updated last year
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly ☆50 Updated 6 months ago
- Construct the payload at runtime using an array of offsets ☆59 Updated 3 months ago
- Do some DLL SideLoading magic ☆72 Updated 11 months ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol… ☆67 Updated 7 months ago
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve ☆72 Updated last month
- ☆142 Updated 11 months ago
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg ☆46 Updated 6 months ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking. ☆52 Updated last month