mannyfred / SentinelBruh
Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution
☆38Updated 4 months ago
Related projects ⓘ
Alternatives and complementary repositories for SentinelBruh
- A improved memory obfuscation primitive using a combination of special and 'normal' Asynchronous Procedural Calls☆104Updated 2 months ago
- Malware?☆70Updated last month
- Collect Windows telemetry for Maldev☆57Updated this week
- Threadless shellcode injection tool☆60Updated 3 months ago
- ☆81Updated 3 months ago
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge …☆164Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆55Updated 3 months ago
- ☆59Updated 5 months ago
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar☆117Updated 3 months ago
- ☆96Updated last year
- Section-based payload obfuscation technique for x64☆58Updated 3 months ago
- Reimplementation of the KExecDD DSE bypass technique.☆42Updated 2 months ago
- a demo module for the kaine agent to execute and inject assembly modules☆37Updated 2 months ago
- ☆133Updated last year
- A process injection technique using only thread context manipulation☆23Updated 11 months ago
- Find DLLs with RWX section☆75Updated last year
- a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor☆95Updated 7 months ago
- Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype…☆108Updated last year
- stack spoofing☆53Updated this week
- Implementing the ghostly hollowing PE injection technique using tampered syscalls.☆125Updated 5 months ago
- Template-based generation of shellcode loaders☆67Updated 7 months ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆127Updated 2 years ago
- Patch AMSI and ETW in remote process via direct syscall☆77Updated 2 years ago
- a stage1 DLL loader with sleep obfuscation☆32Updated last year
- ☆118Updated last year
- ☆108Updated last year
- Host CLR and run .NET binaries using Rust☆60Updated 2 weeks ago
- TypeLib persistence technique☆75Updated 3 weeks ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆57Updated 8 months ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Updated 4 months ago