Mentally ill EtwTi parser
☆68Jan 11, 2026Updated last month
Alternatives and similar repositories for MentalTi
Users that are interested in MentalTi are comparing it to the libraries listed below
Sorting:
- Slides for COM Hijacking AV/EDR Talk on 38c3☆75Jan 3, 2025Updated last year
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven☆263Oct 16, 2024Updated last year
- early cascade injection PoC based on Outflanks blog post, in rust☆62Nov 8, 2024Updated last year
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆117Jan 20, 2025Updated last year
- A collection of position independent coding resources☆107Nov 15, 2025Updated 3 months ago
- Windows rootkit designed to work with BYOVD exploits☆216Jan 18, 2025Updated last year
- early cascade injection PoC based on Outflanks blog post☆237Nov 7, 2024Updated last year
- A rust proof of concept to demonstrate registry overwriting via RegRestoreKey using the Offline Registry Library☆24Nov 13, 2025Updated 3 months ago
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects☆138Apr 6, 2025Updated 11 months ago
- A COFF Loader written in Rust☆138Dec 1, 2025Updated 3 months ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- An example reference design for a proposed BOF PE☆200Jan 23, 2026Updated last month
- Dll injection through code page id modification in registry. Based on jonas lykk research☆17Jun 18, 2022Updated 3 years ago
- Internal Monologue BOF☆79Dec 28, 2024Updated last year
- Hunting and injecting RWX 'mockingjay' DLLs in pure nim☆60Dec 11, 2024Updated last year
- Position-independent Reflective Loader for macOS☆118Feb 19, 2026Updated 2 weeks ago
- StoneKeeper C2, an experimental EDR evasion framework for research purposes☆209Dec 25, 2024Updated last year
- ☆127Dec 12, 2025Updated 2 months ago
- converts sRDI compatible dlls to shellcode☆35Jan 20, 2025Updated last year
- A hacky way of getting cross-arch/platform support in Cobalt Strike☆37Aug 31, 2025Updated 6 months ago
- A set of LLVM and GCC based plugins that perform code obfuscation.☆140Oct 20, 2025Updated 4 months ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread☆264Aug 31, 2025Updated 6 months ago
- Bypass user-land hooks by syscall tampering via the Trap Flag☆138Aug 25, 2025Updated 6 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆195Nov 27, 2024Updated last year
- Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…☆199Jun 17, 2025Updated 8 months ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆186Jan 17, 2026Updated last month
- Submission, compilation and execution of C# code snippets, using an unmanaged CLR Host☆53Jan 29, 2015Updated 11 years ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆61May 12, 2025Updated 9 months ago
- ☆31Feb 28, 2025Updated last year
- BOF with Synthetic Stackframe☆230Oct 30, 2025Updated 4 months ago
- Tools for analyzing EDR agents☆278Jun 10, 2024Updated last year
- shell code example☆68Dec 12, 2025Updated 2 months ago
- find dll base addresses without PEB WALK☆161Jul 13, 2025Updated 7 months ago
- Reverse engineering winapi function loadlibrary.☆237Apr 17, 2023Updated 2 years ago
- An ICMP channel for Beacons, implemented using Cobalt Strike’s External C2 framework.☆116Oct 6, 2025Updated 5 months ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆122Sep 8, 2024Updated last year
- ☆101Oct 7, 2023Updated 2 years ago
- WinDbg plugin to trace module transitions from a debugged driver.☆40Dec 22, 2025Updated 2 months ago
- ☆64Dec 19, 2024Updated last year