listinvest / undonut
Unpacker for donut shellcode
☆17Updated 4 years ago
Alternatives and similar repositories for undonut:
Users that are interested in undonut are comparing it to the libraries listed below
- Small tool to play with IOCs caused by Imageload events☆42Updated last year
- yet another sleep encryption thing. also used the default github repo name for this one.☆70Updated last year
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆44Updated last year
- A work in progress BOF/COFF loader in Rust☆47Updated 2 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 2 years ago
- ☆25Updated 2 months ago
- Load and execute a common object file format (COFF) in the current process☆28Updated last year
- ☆52Updated 2 years ago
- Windows x64 Process Injection via Ghostwriting with Dynamic Configuration☆29Updated 3 years ago
- Sleep Obfuscation☆44Updated 2 years ago
- ForsHops☆22Updated last week
- This project is an EDRSandblast fork, adding some features and custom pieces of code.☆22Updated last year
- ☆37Updated last year
- ☆28Updated 2 weeks ago
- Load a dynamic library from memory using a fuse mount☆30Updated last year
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆60Updated last year
- various methods of making API calls☆16Updated 2 months ago
- Exploiting the KsecDD Windows driver through Server Silos☆51Updated 4 months ago
- RunPE adapted for x64 and written in C, does not use RWX☆24Updated 10 months ago
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆25Updated 2 months ago
- ☆43Updated last year
- ☆60Updated 3 years ago
- ☆98Updated last year
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆36Updated last year
- A simple Linux in-memory .so loader☆29Updated 2 years ago
- Cobalt Strike Beacon Object File to enable the webdav client service on x64 windows hosts☆20Updated last year
- A (quite) simple steganography algorithm to hide shellcodes within bitmap image.☆21Updated 10 months ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆39Updated last year
- Hooked create process injection for meterpreter☆23Updated 3 years ago
- ☆29Updated 2 years ago