janoglezcampos / DeathSleep
A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementing page protection changes during no execution.
☆491Updated 2 years ago
Related projects: ⓘ
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆342Updated 2 years ago
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…☆612Updated last year
- TartarusGate, Bypassing EDRs☆519Updated 2 years ago
- Reduce Entropy And Obfuscate Youre Payload With Serialized Linked Lists☆365Updated last year
- Sleep Obfuscation☆661Updated 9 months ago
- PIC lsass dumper using cloned handles☆570Updated last year
- ☆500Updated 6 months ago
- Performing Indirect Clean Syscalls☆451Updated last year
- ☆457Updated last week
- KaynLdr is a Reflective Loader written in C/ASM☆514Updated 9 months ago
- Cobalt Strike UDRL for memory scanner evasion.☆865Updated 3 months ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆597Updated last year
- A shellcode function to encrypt a running process image when sleeping.☆329Updated 3 years ago
- Aims to identify sleeping beacons☆461Updated 3 months ago
- Various ways to execute shellcode☆472Updated 6 months ago
- Encrypted shellcode Injection to avoid Kernel triggered memory scans☆332Updated last year
- ☆451Updated 2 years ago
- PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.☆551Updated 11 months ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆287Updated last year
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!☆316Updated last month
- Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!☆430Updated last year
- BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a…☆363Updated 8 months ago
- A Highly capable Pe Packer☆676Updated last year
- Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework☆367Updated last month
- Dump the memory of any PPL with a Userland exploit chain☆327Updated last year
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆532Updated 3 weeks ago
- A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.☆309Updated last year
- Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime☆296Updated last year
- ☆309Updated this week
- Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap☆235Updated last year