klezVirus / koppeling-p
Adaptive DLL hijacking / dynamic export forwarding - EAT preserve
☆72Updated last month
Related projects: ⓘ
- ☆21Updated 3 weeks ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Updated 2 months ago
- ☆27Updated 3 months ago
- ☆79Updated 2 weeks ago
- Section-based payload obfuscation technique for x64☆59Updated last month
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg☆46Updated 6 months ago
- Lateral Movement via the .NET Profiler☆74Updated 3 months ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆32Updated 8 months ago
- ☆62Updated last month
- ☆79Updated 4 months ago
- A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders Stardust☆79Updated 5 months ago
- ☆57Updated 9 months ago
- ☆101Updated 4 months ago
- ☆47Updated last year
- Find DLLs with RWX section☆74Updated last year
- A more reliable way of resolving syscall numbers in Windows☆49Updated 7 months ago
- ☆94Updated 11 months ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆37Updated last year
- Construct the payload at runtime using an array of offsets☆59Updated 3 months ago
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar☆106Updated last month
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆50Updated 6 months ago
- Click Once + App Domain☆61Updated 9 months ago
- Windows Thread Pool Injection Havoc Implementation☆26Updated 5 months ago
- Threadless shellcode injection tool☆56Updated last month
- A process injection technique using only thread context manipulation☆21Updated 9 months ago
- ☆70Updated last year
- Simple BOF to read the protection level of a process☆101Updated last year
- I have documented all of the AMSI patches that I learned till now☆66Updated last year
- Determine if the WebClient Service (WebDAV) is running on a remote system☆15Updated 6 months ago
- Lockless BOF☆62Updated 7 months ago