Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
☆41Jul 9, 2023Updated 2 years ago
Alternatives and similar repositories for birdnet-poc
Users that are interested in birdnet-poc are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A library to parse, modify, and implement Malleable C2 profiles☆27Feb 9, 2019Updated 7 years ago
- ☆10Jul 1, 2023Updated 2 years ago
- Simple reverse ICMP shell☆14Apr 30, 2024Updated last year
- An In-memory Embedding of CPython☆31May 24, 2021Updated 4 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆203Jun 6, 2024Updated last year
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- A python polymorphic engine for C programs☆11Dec 8, 2023Updated 2 years ago
- miscellaneous codes☆36Sep 24, 2023Updated 2 years ago
- EDR/AV Simulation for Malware Development☆13Oct 21, 2023Updated 2 years ago
- Bypassing Amsi using LdrLoadDll☆47Jan 8, 2025Updated last year
- An (WIP) EDR Evasion tool for x64 Windows & Linux binaries that utilizes Nanomites, written in Rust.☆21Dec 15, 2024Updated last year
- In-memory hiding technique☆63Jan 5, 2025Updated last year
- Locate dlls and function addresses without PEB Walk and EAT parsing☆105Nov 7, 2025Updated 4 months ago
- OSED Practice binary☆25Nov 23, 2023Updated 2 years ago
- An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 process. Both syscalls and dynamic resolve versions are a…☆139Oct 1, 2022Updated 3 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- NTAPI hook bypass with (semi) legit stack trace☆19May 9, 2023Updated 2 years ago
- Port of Cobalt Strike's Process Inject Kit☆192Dec 1, 2024Updated last year
- Shellcode loader☆101Nov 24, 2024Updated last year
- ☆121Dec 23, 2022Updated 3 years ago
- Self Delete DLL☆22Feb 15, 2024Updated 2 years ago
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆195Feb 6, 2025Updated last year
- powershell script i wrote that can suspend an arbitrary process (with limits)☆22Mar 26, 2023Updated 3 years ago
- .NET assembly loader with patchless AMSI and ETW bypass☆374Apr 19, 2023Updated 2 years ago
- Apply a divide and conquer approach to bypass EDRs☆286Oct 19, 2023Updated 2 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low…☆148May 6, 2023Updated 2 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆52Dec 4, 2023Updated 2 years ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆16Jan 7, 2023Updated 3 years ago
- ☆60Dec 15, 2023Updated 2 years ago
- BOF to run PE in Cobalt Strike Beacon without console creation☆188Nov 23, 2025Updated 4 months ago
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi…☆19Apr 24, 2023Updated 2 years ago
- ☆164Dec 30, 2022Updated 3 years ago
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.☆291May 27, 2024Updated last year
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …☆103Mar 27, 2025Updated 11 months ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Research of modifying exported function names at runtime (C/C++, Windows)☆18May 28, 2024Updated last year
- This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for loc…☆55May 8, 2023Updated 2 years ago
- A collection of position independent coding resources☆109Nov 15, 2025Updated 4 months ago
- some AV / EDR / analysis studies☆10May 21, 2023Updated 2 years ago
- Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)☆144Mar 16, 2024Updated 2 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆36Apr 5, 2022Updated 3 years ago
- PowerShell Implementation of ADFSDump to assist with GoldenSAML☆41Dec 7, 2025Updated 3 months ago