BYOVD: Use 360 WFP driver to block EDR/XDR network connection.
☆103Feb 10, 2026Updated 3 weeks ago
Alternatives and similar repositories for 360WFP_Exploit
Users that are interested in 360WFP_Exploit are comparing it to the libraries listed below
Sorting:
- Enable EFS service as low priv user (PE & BOF)☆21Jul 6, 2025Updated 8 months ago
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆73Apr 13, 2025Updated 10 months ago
- Dumping LSASS Evaded Endpoint Security Solutions☆18Feb 15, 2025Updated last year
- Cobaltstrike UDRL with memory evasion☆15May 16, 2024Updated last year
- A rust proof of concept to demonstrate registry overwriting via RegRestoreKey using the Offline Registry Library☆24Nov 13, 2025Updated 3 months ago
- Overview of MS Defender☆108Feb 20, 2026Updated 2 weeks ago
- A synergized Visual Studio and Rust development environment☆19Jan 25, 2025Updated last year
- Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames☆152Nov 23, 2025Updated 3 months ago
- Slides for COM Hijacking AV/EDR Talk on 38c3☆75Jan 3, 2025Updated last year
- Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options☆158Mar 26, 2025Updated 11 months ago
- A Rust template for writing Beacon Object Files (BOFs)☆101Feb 11, 2026Updated 3 weeks ago
- ☆150Mar 22, 2024Updated last year
- ☆14Dec 26, 2024Updated last year
- Linux Shared Library to Shellcode Loader☆84Feb 15, 2026Updated 2 weeks ago
- CVE-2024-40711-exp☆42Oct 17, 2024Updated last year
- Beacon Object File for Cobalt Strike that executes .NET assemblies in beacon with evasion techniques.☆182Dec 23, 2025Updated 2 months ago
- Go-based C2 server inspired by Cobalt Strike; seamless agent control, web UI, and Malleable Profile support. Fast, extensible, and secure…☆30Updated this week
- ☆55May 31, 2025Updated 9 months ago
- Rust implementation of phantom persistence technique documented in https://blog.phantomsec.tools/phantom-persistence☆63Jun 23, 2025Updated 8 months ago
- ☆126Sep 1, 2024Updated last year
- A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, wit…☆256Feb 21, 2026Updated last week
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆137Apr 18, 2025Updated 10 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆54May 12, 2025Updated 9 months ago
- EDRStartupHinder: A red team tool to prevent Antivirus and EDR from running.☆187Jan 11, 2026Updated last month
- A C# tool for extracting information from SCCM PXE boot media.☆51Jan 14, 2026Updated last month
- MacOS Shared Library to Shellcode Loader☆54Feb 23, 2026Updated last week
- Internal Monologue BOF☆79Dec 28, 2024Updated last year
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆186Jan 17, 2026Updated last month
- A BOF to enumerate system process, their protection levels, and more.☆125Nov 27, 2024Updated last year
- early cascade injection PoC based on Outflanks blog post☆237Nov 7, 2024Updated last year
- A beacon object file implementation of PoolParty Process Injection Technique.☆435Dec 21, 2023Updated 2 years ago
- SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication.☆309Feb 16, 2026Updated 2 weeks ago
- PoC exploit for the vulnerable WatchDog Anti-Malware driver (amsdk.sys) – weaponized to kill protected EDR/AV processes via BYOVD.☆202Sep 11, 2025Updated 5 months ago
- Linux Process Injection via Seccomp Notifier☆84Dec 9, 2025Updated 2 months ago
- Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…☆199Jun 17, 2025Updated 8 months ago
- "Service-less" driver loading☆184Nov 28, 2024Updated last year
- Lateral Movement Bof with MSI ODBC Driver Install☆145Sep 30, 2025Updated 5 months ago
- Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.☆101Jan 26, 2026Updated last month
- Mentally ill EtwTi parser☆68Jan 11, 2026Updated last month