mannyfred / MentalTiView external linksLinks
Mentally ill EtwTi parser
☆66Jan 11, 2026Updated last month
Alternatives and similar repositories for MentalTi
Users that are interested in MentalTi are comparing it to the libraries listed below
Sorting:
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven☆254Oct 16, 2024Updated last year
- Slides for COM Hijacking AV/EDR Talk on 38c3☆74Jan 3, 2025Updated last year
- early cascade injection PoC based on Outflanks blog post, in rust☆62Nov 8, 2024Updated last year
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆116Jan 20, 2025Updated last year
- A collection of position independent coding resources☆107Nov 15, 2025Updated 3 months ago
- Windows rootkit designed to work with BYOVD exploits☆214Jan 18, 2025Updated last year
- early cascade injection PoC based on Outflanks blog post☆236Nov 7, 2024Updated last year
- A rust proof of concept to demonstrate registry overwriting via RegRestoreKey using the Offline Registry Library☆24Nov 13, 2025Updated 3 months ago
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects☆135Apr 6, 2025Updated 10 months ago
- A COFF Loader written in Rust☆135Dec 1, 2025Updated 2 months ago
- ☆102Sep 5, 2024Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆280Sep 18, 2024Updated last year
- An example reference design for a proposed BOF PE☆197Jan 23, 2026Updated 3 weeks ago
- Dll injection through code page id modification in registry. Based on jonas lykk research☆17Jun 18, 2022Updated 3 years ago
- Hunting and injecting RWX 'mockingjay' DLLs in pure nim☆59Dec 11, 2024Updated last year
- Internal Monologue BOF☆79Dec 28, 2024Updated last year
- StoneKeeper C2, an experimental EDR evasion framework for research purposes☆208Dec 25, 2024Updated last year
- ☆125Dec 12, 2025Updated 2 months ago
- converts sRDI compatible dlls to shellcode☆35Jan 20, 2025Updated last year
- A hacky way of getting cross-arch/platform support in Cobalt Strike☆37Aug 31, 2025Updated 5 months ago
- A set of LLVM and GCC based plugins that perform code obfuscation.☆138Oct 20, 2025Updated 3 months ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread☆262Aug 31, 2025Updated 5 months ago
- Bypass user-land hooks by syscall tampering via the Trap Flag☆139Aug 25, 2025Updated 5 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆194Nov 27, 2024Updated last year
- Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…☆198Jun 17, 2025Updated 7 months ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆182Jan 17, 2026Updated 3 weeks ago
- Submission, compilation and execution of C# code snippets, using an unmanaged CLR Host☆53Jan 29, 2015Updated 11 years ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆61May 12, 2025Updated 9 months ago
- BOF with Synthetic Stackframe☆220Oct 30, 2025Updated 3 months ago
- ☆31Feb 28, 2025Updated 11 months ago
- find dll base addresses without PEB WALK☆157Jul 13, 2025Updated 7 months ago
- An ICMP channel for Beacons, implemented using Cobalt Strike’s External C2 framework.☆114Oct 6, 2025Updated 4 months ago
- Tools for analyzing EDR agents☆277Jun 10, 2024Updated last year
- ☆160Jan 1, 2026Updated last month
- shell code example☆67Dec 12, 2025Updated 2 months ago
- Reverse engineering winapi function loadlibrary.☆233Apr 17, 2023Updated 2 years ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆120Sep 8, 2024Updated last year
- WinDbg plugin to trace module transitions from a debugged driver.☆40Dec 22, 2025Updated last month
- ☆100Oct 7, 2023Updated 2 years ago