listinvest / undonut
Unpacker for donut shellcode
☆17Updated 4 years ago
Alternatives and similar repositories for undonut:
Users that are interested in undonut are comparing it to the libraries listed below
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆45Updated last year
- ☆30Updated last month
- A work in progress BOF/COFF loader in Rust☆47Updated 2 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 3 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated last year
- Load and execute a common object file format (COFF) in the current process☆28Updated last year
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆36Updated last year
- Sleep Obfuscation☆45Updated 2 years ago
- ☆27Updated 3 months ago
- Windows x64 Process Injection via Ghostwriting with Dynamic Configuration☆29Updated 3 years ago
- Beacon Debugger☆40Updated 5 months ago
- ☆29Updated 4 months ago
- A (quite) simple steganography algorithm to hide shellcodes within bitmap image.☆22Updated 11 months ago
- Callstack spoofing using a VEH because VEH all the things.☆21Updated last month
- ☆62Updated 3 years ago
- Small tool to play with IOCs caused by Imageload events☆42Updated last year
- ☆98Updated last year
- various methods of making API calls☆17Updated 2 months ago
- ForsHops☆41Updated 3 weeks ago
- Execute dotnet app from unmanaged process☆73Updated 3 months ago
- x64 version☆34Updated 3 years ago
- Bypass UAC elevation on Windows 8 (build 9600) & above.☆54Updated 2 years ago
- Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits☆28Updated 2 years ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆60Updated last year
- ☆30Updated 4 months ago
- BYOVD collection☆23Updated last year
- Load a dynamic library from memory using a fuse mount☆31Updated last year
- ☆53Updated last year
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.☆31Updated 10 months ago
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆47Updated last year