jm33-m0 / windows-sandbox-init
Rapidly initialize Windows Sandbox for malware analysis and reverse engineering
☆135, updated 4 months ago
Alternatives and similar repositories for windows-sandbox-init
Users interested in windows-sandbox-init are comparing it to the repositories listed below.
- This repository contains POC scenarios as part of CVE-2025-0411 MotW bypass. (☆137, updated 3 months ago)
- lolC2 is a collection of C2 frameworks that leverage legitimate services to evade detection. (☆224, updated 3 weeks ago)
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC. (☆362, updated 5 months ago)
- ArgFuscator.net is an open-source, stand-alone web application that helps generate obfuscated command lines for common system-native exec… (☆264, updated 2 months ago)
- Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advance… (☆545, updated last month)
- A collection of tools and detections for the Sliver C2 Framework. (☆127, updated 2 years ago)
- A command and control framework written in Rust. (☆351, updated 4 months ago)
- PoC for the Untrusted Pointer Dereference in the ks.sys driver. (☆279, updated 7 months ago)
- Simulate the behavior of AV/EDR for malware development training. (☆531, updated last year)
- Fully functional, from-scratch alternative to the Cobalt Strike Beacon (red teaming tool), offering transparency and flexibility for secu… (☆231, updated last year)
- Windows Persistence IT-Security. (☆101, updated 3 months ago)
- Invoke-ArgFuscator is an open-source, cross-platform PowerShell module that helps generate obfuscated command-lines for common system-nat… (☆179, updated 2 months ago)
- Reproducing the Spyboy technique, which involves terminating all EDR/XDR/AV processes by abusing the zam64.sys driver. (☆276, updated 2 months ago)
- EDRaser is a powerful tool for remotely deleting access logs, Windows event logs, databases, and other files on remote machines. It offer… (☆367, updated last year)
- A PowerShell console in C/C++ with all the security features disabled. (☆255, updated last month)
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry. (☆418, updated 10 months ago)
- Nameless C2 - A C2 with all its components written in Rust. (☆268, updated 9 months ago)
- Evasive shellcode loader. (☆369, updated 8 months ago)
- PoC exploit for the NTLM reflection SMB flaw. (☆385, updated 2 weeks ago)
- CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File. (☆310, updated 3 months ago)
- A sophisticated, covert Windows-based credential dumper using C++ and MASM x64. (☆410, updated 11 months ago)
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub. (☆314, updated last year)
- A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp… (☆317, updated 8 months ago)
- Tools for analyzing EDR agents. (☆230, updated last year)
- AV/EDR lab environment setup references to help in malware development. (☆388, updated 4 months ago)
- Extract and execute a PE embedded within a PNG file using an LNK file. (☆422, updated 7 months ago)
- A project that demonstrates embedding shellcode payloads into image files (like PNGs) using Python and extracting them using C/C++. Paylo… (☆175, updated 3 months ago)