knight0x07 / NailaoLoader-Hiding-Execution-Flow
NailaoLoader: Hiding Execution Flow via Patching
☆20Updated last month
Alternatives and similar repositories for NailaoLoader-Hiding-Execution-Flow:
Users that are interested in NailaoLoader-Hiding-Execution-Flow are comparing it to the libraries listed below
- ☆27Updated 3 months ago
- ☆30Updated last month
- A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …☆48Updated 2 months ago
- BOF for C2 framework☆41Updated 5 months ago
- converts sRDI compatible dlls to shellcode☆23Updated 3 months ago
- ☆52Updated 4 months ago
- use python on windows with full submodule support without installation☆27Updated 3 months ago
- Execute dotnet app from unmanaged process☆73Updated 3 months ago
- Folder Or File Delete to Get System Shell on Current Session Desktop☆39Updated 3 months ago
- Creation and removal of Defender path exclusions and exceptions in C#.☆31Updated last year
- ☆29Updated 4 months ago
- ☆28Updated 10 months ago
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆36Updated last week
- Sliver agent rewritten in C++☆45Updated 7 months ago
- Section-based payload obfuscation technique for x64☆59Updated 8 months ago
- Beacon Debugger☆40Updated 5 months ago
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆26Updated 2 months ago
- Windows AppLocker Driver (appid.sys) LPE☆55Updated 8 months ago
- This project is an EDRSandblast fork, adding some features and custom pieces of code.☆22Updated last year
- Unhook Ntdll.dll, Go & C++.☆21Updated this week
- Rust template/library for implementing your own COFF loader☆50Updated 2 months ago
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆51Updated 3 months ago
- A truly Position Independent Code (PIC) NimPlant C2 beacon written in C, without reflective loading.☆59Updated 2 months ago
- ☆55Updated 3 months ago
- ☆86Updated 8 months ago
- remote process injections using pool party techniques☆58Updated 2 months ago
- Demonstration of Early Bird APC Injection - MITRE ID T1055.004☆31Updated last year
- PowerShell Implementation of ADFSDump to assist with GoldenSAML☆31Updated 11 months ago
- Tool to obtain hash using MS-SNTP for user accounts☆21Updated 3 months ago
- A simple rpc2socks alternative in pure Go.☆28Updated 9 months ago