inb1ts / birdnet-poc
Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
☆41, Jul 9, 2023, Updated 2 years ago
Alternatives and similar repositories for birdnet-poc
Users that are interested in birdnet-poc are comparing it to the libraries listed below
- (☆10, Jul 1, 2023, Updated 2 years ago)
- An In-memory Embedding of CPython (☆31, May 24, 2021, Updated 4 years ago)
- Simple reverse ICMP shell (☆14, Apr 30, 2024, Updated last year)
- OSED Practice binary (☆25, Nov 23, 2023, Updated 2 years ago)
- A Python polymorphic engine for C programs (☆12, Dec 8, 2023, Updated 2 years ago)
- Locate DLLs and function addresses without PEB walk and EAT parsing (☆104, Nov 7, 2025, Updated 3 months ago)
- PowerShell script I wrote that can suspend an arbitrary process (with limits) (☆22, Mar 26, 2023, Updated 2 years ago)
- Miscellaneous code (☆36, Sep 24, 2023, Updated 2 years ago)
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls (☆201, Jun 6, 2024, Updated last year)
- Shellcode loader (☆100, Nov 24, 2024, Updated last year)
- In-memory hiding technique (☆63, Jan 5, 2025, Updated last year)
- Bypassing AMSI using LdrLoadDll (☆47, Jan 8, 2025, Updated last year)
- Interactive program for loading AES-encrypted shellcode with Dynamic Invocation, and interactive .NET assemblies in memory. (☆13, Mar 16, 2022, Updated 3 years ago)
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi… (☆19, Apr 24, 2023, Updated 2 years ago)
- A library to parse, modify, and implement Malleable C2 profiles (☆27, Feb 9, 2019, Updated 7 years ago)
- .NET assembly loader with patchless AMSI and ETW bypass (☆366, Apr 19, 2023, Updated 2 years ago)
- SHELLSILO is a cutting-edge tool that translates C syntax into syscall assembly and its corresponding shellcode. It streamlines the proce… (☆154, Aug 4, 2025, Updated 6 months ago)
- (☆120, Dec 23, 2022, Updated 3 years ago)
- Apply a divide-and-conquer approach to bypass EDRs (☆287, Oct 19, 2023, Updated 2 years ago)
- PowerShell implementation of ADFSDump to assist with GoldenSAML (☆38, Dec 7, 2025, Updated 2 months ago)
- An all-in-one Cobalt Strike BOF to patch, check and revert AMSI and ETW for x64 processes. Both syscalls and dynamic resolve versions are a… (☆139, Oct 1, 2022, Updated 3 years ago)
- The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/ (☆209, Jan 29, 2023, Updated 3 years ago)
- Abusing the Windows fork API and the OneDrive.exe process to inject malicious shellcode without allocating a new RWX memory region. (☆288, May 27, 2024, Updated last year)
- (☆163, Dec 30, 2022, Updated 3 years ago)
- A (WIP) EDR evasion tool for x64 Windows & Linux binaries that utilizes Nanomites, written in Rust. (☆21, Dec 15, 2024, Updated last year)
- (☆209, Nov 28, 2023, Updated 2 years ago)
- Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low… (☆147, May 6, 2023, Updated 2 years ago)
- Win32 keylogger that supports all (non-IME using) languages correctly (☆53, Dec 21, 2023, Updated 2 years ago)
- (☆247, Dec 16, 2022, Updated 3 years ago)
- Ask for a TGS on behalf of another user without a password (☆481, Mar 30, 2025, Updated 10 months ago)
- Unpacker for donut shellcode (☆21, Jun 20, 2020, Updated 5 years ago)
- Abuse leaked token handles. (☆134, Dec 14, 2023, Updated 2 years ago)
- The code is a pingback to the Dark Vortex blog: (☆187, Jan 26, 2023, Updated 3 years ago)
- (☆259, Jan 21, 2024, Updated 2 years ago)
- Your NTDLL vaccine against modern direct syscall methods. (☆36, Apr 5, 2022, Updated 3 years ago)
- Source generator to add D/Invoke and indirect syscall methods to a C# project. (☆186, Mar 4, 2024, Updated last year)
- Bypass userland EDR hooks by loading a reflective ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle… (☆306, Aug 2, 2023, Updated 2 years ago)
- Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids) (☆144, Mar 16, 2024, Updated last year)
- Port of Cobalt Strike's Process Inject Kit (☆190, Dec 1, 2024, Updated last year)