☆135Jun 28, 2023Updated 2 years ago
Alternatives and similar repositories for Malware_learns
Users that are interested in Malware_learns are comparing it to the libraries listed below
Sorting:
- ☆57Mar 25, 2024Updated last year
- A repository filled with ideas to break/detect direct syscall techniques☆26Apr 21, 2022Updated 3 years ago
- Implant drop-in for EDR testing☆147Nov 15, 2023Updated 2 years ago
- It stinks☆105Apr 22, 2022Updated 3 years ago
- A simple program to hook the current process to identify the manual syscall executions on windows☆265Nov 18, 2022Updated 3 years ago
- WTSRM☆216Aug 7, 2022Updated 3 years ago
- POC for frustrating/defeating Malware Analysts☆156Jun 12, 2022Updated 3 years ago
- ☆23May 28, 2021Updated 4 years ago
- ☆118Aug 7, 2022Updated 3 years ago
- collection of apis used in malware development☆229Aug 2, 2022Updated 3 years ago
- Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll☆499Feb 3, 2022Updated 4 years ago
- A bunch of scripts and code i wrote.☆149Nov 7, 2024Updated last year
- Beacon Object File PoC implementation of KillDefender☆236Apr 12, 2022Updated 3 years ago
- This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR …☆256Jul 7, 2022Updated 3 years ago
- A tool for converting SysWhispers3 syscalls for use with Nim projects☆147Jun 2, 2022Updated 3 years ago
- Overwrite a process's recovery callback and execute with WER☆102Apr 17, 2022Updated 3 years ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆535Aug 1, 2022Updated 3 years ago
- RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …☆500Jan 25, 2022Updated 4 years ago
- Process Ghosting in C#☆220Jan 24, 2022Updated 4 years ago
- Hookers are cooler than patches.☆170Jan 21, 2022Updated 4 years ago
- A project to replicate the functionality of Noah Powers' ServerSetup script, but with error handling and fixed Namecheap API support.☆33Oct 1, 2021Updated 4 years ago
- Patching AmsiOpenSession by forcing an error branching☆154Aug 2, 2023Updated 2 years ago
- My implementation of Halo's Gate technique in C#☆54Apr 20, 2022Updated 3 years ago
- ☆505Aug 14, 2022Updated 3 years ago
- Code used in this post https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html☆144Apr 21, 2022Updated 3 years ago
- Various ways to execute shellcode☆508Mar 13, 2024Updated last year
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆140Sep 12, 2022Updated 3 years ago
- DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable☆60Dec 15, 2023Updated 2 years ago
- Section Mapping Process Injection (secinject): Cobalt Strike BOF☆102Jan 7, 2022Updated 4 years ago
- Perun's Fart (Slavic God's Luck). Another method for unhooking AV and EDR, this is my C# version.☆117Dec 26, 2021Updated 4 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆136Jan 2, 2023Updated 3 years ago
- You shall pass☆270Jul 16, 2022Updated 3 years ago
- A Nim implementation of reflective PE-Loading from memory☆300Sep 5, 2024Updated last year
- Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.☆382Mar 8, 2023Updated 2 years ago
- Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code.☆100Mar 27, 2022Updated 3 years ago
- Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.☆49Dec 31, 2021Updated 4 years ago
- Experiment on reproducing Obfuscate & Sleep☆162Mar 14, 2021Updated 4 years ago
- evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)☆1,497Dec 21, 2023Updated 2 years ago
- PE obfuscator with Evasion in mind☆213Apr 25, 2023Updated 2 years ago