gmh5225 / rust-mordor-rs
Rusty Hell's Gate / Halo's Gate / Tartarus' Gate / FreshyCalls / Syswhispers2 Library
☆24Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for rust-mordor-rs
- ☆95Updated last year
- A improved memory obfuscation primitive using a combination of special and 'normal' Asynchronous Procedural Calls☆102Updated last month
- Template-based generation of shellcode loaders☆65Updated 6 months ago
- 64-bit, position-independent reverse tcp shell, built in Rust for Windows.☆44Updated last month
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge …☆159Updated last year
- Host CLR and run .NET binaries using Rust☆56Updated last week
- ☆59Updated 5 months ago
- ☆133Updated last year
- Threadless shellcode injection tool☆59Updated 3 months ago
- Reimplementation of the KExecDD DSE bypass technique.☆42Updated 2 months ago
- ☆44Updated 2 years ago
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar☆117Updated 2 months ago
- lsassdump via RtlCreateProcessReflection and NanoDump☆70Updated 3 weeks ago
- ☆108Updated last year
- I have documented all of the AMSI patches that I learned till now☆68Updated last year
- Rust port of LayeredSyscall, designed to perform indirect syscalls while generating legitimate API call stack frames by abusing Vectored …☆89Updated last week
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆78Updated last year
- Splitting and executing shellcode across multiple pages☆99Updated last year
- ☆118Updated last year
- Section-based payload obfuscation technique for x64☆58Updated 3 months ago
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".☆75Updated last year
- ☆116Updated 2 months ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆54Updated 7 months ago
- Patch AMSI and ETW in remote process via direct syscall☆77Updated 2 years ago
- Simple BOF to read the protection level of a process☆104Updated last year
- Find DLLs with RWX section☆75Updated last year
- ☆81Updated 2 months ago
- TypeLib persistence technique☆68Updated 2 weeks ago
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆113Updated last year