hackerhouse-opensource / Marble
The CIA's Marble Framework is designed to allow for flexible and easy-to-use obfuscation when developing tools.
☆278Updated 8 months ago
Related projects: ⓘ
- Analyse your malware to surgically obfuscate it☆373Updated 11 months ago
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆532Updated 3 weeks ago
- Deploy stealthy reverse shells using advanced process hollowing with GhostStrike – a C++ tool for ethical hacking and Red Team operations…☆205Updated 2 weeks ago
- ☆303Updated 11 months ago
- Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework☆367Updated last month
- Venom is a library that meant to perform evasive communication using stolen browser socket☆369Updated 11 months ago
- Offensive Lua.☆174Updated 10 months ago
- Simulate the behavior of AV/EDR for malware development training.☆443Updated 7 months ago
- JustEvadeBro, a cheat sheet which will aid you through AMSI/AV evasion & bypasses.☆291Updated 3 weeks ago
- Because AV evasion should be easy.☆297Updated 2 months ago
- ☆181Updated 7 months ago
- Slides & Code snippets for a workshop held @ x33fcon 2024☆228Updated 3 months ago
- ☆242Updated 7 months ago
- ☆222Updated this week
- Performing Indirect Clean Syscalls☆451Updated last year
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆320Updated 3 months ago
- Generate an obfuscated DLL that will disable AMSI & ETW☆312Updated 2 months ago
- ☆263Updated last month
- Automated DLL Sideloading Tool With EDR Evasion Capabilities☆452Updated 9 months ago
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…☆439Updated 3 months ago
- My collection of malware dev links☆235Updated 2 weeks ago
- CIA UAC bypass implementation that utilizes elevated COM object to write to System32 and an auto-elevated process to execute as administr…☆174Updated 8 months ago
- Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8☆345Updated 3 weeks ago
- ☆260Updated last year
- Unorthodox and stealthy way to inject a DLL into the explorer using icons☆289Updated 2 months ago
- Encrypted shellcode Injection to avoid Kernel triggered memory scans☆332Updated last year
- Native Syscalls Shellcode Injector☆259Updated last year
- DPAPI looting remotely and locally in Python☆406Updated last month
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs.☆301Updated last year
- .net config loader☆303Updated 10 months ago