ldpreload / Medusa
LD_PRELOAD Rootkit
☆198Updated last year
Related projects ⓘ
Alternatives and complementary repositories for Medusa
- Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework☆371Updated 3 months ago
- Native Syscalls Shellcode Injector☆262Updated last year
- Performing Indirect Clean Syscalls�☆483Updated last year
- ☆235Updated last year
- Payload Loader With Evasion Features☆310Updated last year
- Encrypted shellcode Injection to avoid Kernel triggered memory scans☆346Updated last year
- Shellcode Loader with Indirect Dynamic syscall Implementation , shellcode in MAC format, API resolving from PEB, Syscall calll and syscal…☆302Updated last year
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.☆383Updated last year
- Reduce Entropy And Obfuscate Youre Payload With Serialized Linked Lists☆383Updated last year
- Automated DLL Sideloading Tool With EDR Evasion Capabilities☆458Updated 11 months ago
- Beacon Object File Loader☆274Updated 11 months ago
- TartarusGate, Bypassing EDRs☆534Updated 2 years ago
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.☆244Updated 5 months ago
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…☆171Updated 3 weeks ago
- PoCs for Kernelmode rootkit techniques research.☆334Updated last week
- BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a…☆368Updated 10 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆325Updated 5 months ago
- elevate to SYSTEM any way we can! Metasploit and PSEXEC getsystem alternative☆348Updated last year
- Payload encoding utility to effectively lower payload entropy.☆99Updated this week
- CaveCarver - PE backdooring tool which utilizes and automates code cave technique☆214Updated last year
- An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer☆454Updated 9 months ago
- Slides & Code snippets for a workshop held @ x33fcon 2024☆240Updated 5 months ago
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls☆165Updated 10 months ago
- C++ self-Injecting dropper based on various EDR evasion techniques.☆341Updated 9 months ago
- shellcode loader for your evasion needs☆272Updated last week
- PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.☆563Updated last year
- miscellaneous scripts and programs☆215Updated last year
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.☆494Updated 7 months ago
- Evasive shellcode loader☆283Updated last month