Windows Protected Process Light toggle tool — dynamically finds offsets and patches EPROCESS using RTCore64
☆66May 2, 2025Updated 10 months ago
Alternatives and similar repositories for nyxppl
Users that are interested in nyxppl are comparing it to the libraries listed below
Sorting:
- CLI version of NetworkMiner (https://www.netresec.com/?page=NetworkMiner)☆13Dec 1, 2025Updated 3 months ago
- Demonstrates consuming from a SecurityTrace ETW session by consuming from the Threat-Intelligence ETW provider without a driver or PPL pr…☆70Jan 19, 2026Updated 2 months ago
- ☆38Apr 15, 2025Updated 11 months ago
- ☆64Jan 2, 2024Updated 2 years ago
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆105Feb 25, 2025Updated last year
- ☆16Dec 7, 2025Updated 3 months ago
- A framework for OAuth 2.0 device code authentication grant flow phishing☆46May 31, 2023Updated 2 years ago
- Self delete DLL (2)☆14Feb 15, 2024Updated 2 years ago
- ☆53Sep 23, 2025Updated 5 months ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread☆264Aug 31, 2025Updated 6 months ago
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- ForsHops☆152Mar 25, 2025Updated 11 months ago
- A modern Rust implementation of the original Stardust project, providing a sophisticated 32/64-bit shellcode template that features posit…☆59Mar 17, 2025Updated last year
- A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.☆55Sep 20, 2022Updated 3 years ago
- BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.☆24Jul 5, 2023Updated 2 years ago
- A BOF tool that can be used to collect passwords using CredUIPromptForWindowsCredentialsName.☆16Jun 16, 2022Updated 3 years ago
- ☆61Feb 10, 2022Updated 4 years ago
- "Service-less" driver loading☆184Nov 28, 2024Updated last year
- Analyzes AdminSDHolder permissions & compares with default baseline or a previous run, to detect potential backdoor/excessive persistent …☆16Apr 8, 2025Updated 11 months ago
- An advanced utility for converting Windows Portable Executable (PE) files to position-independent code (PIC) shellcode. It enables execut…☆66Mar 1, 2025Updated last year
- Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption☆210Dec 17, 2025Updated 3 months ago
- C++ tool and library for converting .bin files to shellcode in multiple output formats.☆34Aug 18, 2025Updated 7 months ago
- A short scraper looking for a POC of CVE-2024-49112☆14Dec 16, 2024Updated last year
- kernel callback removal (Bypassing EDR Detections)☆210Nov 14, 2025Updated 4 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆195Nov 27, 2024Updated last year
- ☆117Jun 17, 2025Updated 9 months ago
- Modified Version of Melkor @FuzzySecurity capable of creating disposable AppDomains in injected processes.☆28Sep 8, 2021Updated 4 years ago
- ZeroProbe is an advanced enumeration and analysis framework designed for exploit developers, security researchers, and red teamers. It pr…☆107Mar 10, 2025Updated last year
- An Unsigned Driver Mapper for Windows 10 22H2 -> Windows 11 23H2 that uses PdFwKrnl to exploit the Read/Write IOCTL Calls to disable DSE …☆25Aug 2, 2024Updated last year
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP☆37Jul 27, 2021Updated 4 years ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆85Aug 13, 2024Updated last year
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique☆158Nov 7, 2023Updated 2 years ago
- This is the tool to dump the LSASS process on modern Windows 11☆563Nov 1, 2025Updated 4 months ago
- Cobalt Strike UDRL for memory scanner evasion.☆52Dec 4, 2023Updated 2 years ago
- Detect Remote Local Credentials Dumping using a Shadow Snapshot☆32Jan 27, 2025Updated last year
- Binary Exploitation Phrack CTF Challenge☆70Aug 21, 2025Updated 7 months ago
- ☆24Jan 15, 2024Updated 2 years ago
- Windows rootkit designed to work with BYOVD exploits☆217Jan 18, 2025Updated last year
- Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks, patchless hooking library IAT/EAT.☆134Dec 8, 2025Updated 3 months ago