mansk1es / GhostFart
☆132 Updated last year
Related projects:
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge …☆151Updated last year
- Patch AMSI and ETW in remote process via direct syscall☆78Updated 2 years ago
- ☆105Updated last year
- Simple BOF to read the protection level of a process☆101Updated last year
- Implant drop-in for EDR testing☆126Updated 10 months ago
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar☆106Updated last month
- ☆142Updated 11 months ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆126Updated 2 years ago
- ☆58Updated 3 months ago
- ☆172Updated 9 months ago
- Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype…☆106Updated 11 months ago
- ☆107Updated this week
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆147Updated 9 months ago
- Different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from a suspended process, from a remote server (fileless)☆171Updated last year
- ☆99Updated 2 weeks ago
- An improved memory obfuscation primitive using a combination of special and 'normal' Asynchronous Procedure Calls☆99Updated this week
- I have documented all of the AMSI patches that I learned till now☆66Updated last year
- Malware?☆69Updated 2 months ago
- ☆94Updated 11 months ago
- ☆113Updated 11 months ago
- Find DLLs with RWX section☆74Updated last year
- Generic PE loader for fast prototyping evasion techniques☆175Updated 2 months ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆120Updated last year
- Do some DLL SideLoading magic☆72Updated 11 months ago
- ☆116Updated last year
- ☆97Updated last year
- Tool for playing with Windows Access Token manipulation.☆50Updated last year
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆163Updated last year
- It's pointy and it hurts!☆120Updated last year
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader☆75Updated 6 months ago