Execute shellcode with ZwCreateSection, ZwMapViewOfSection, ZwOpenProcess, ZwMapViewOfSection and ZwCreateThreadEx
☆15 Apr 26, 2021 Updated 4 years ago
Alternatives and similar repositories for Sigma
Users that are interested in Sigma are comparing it to the libraries listed below
- Injects shellcode into remote processes using direct syscalls ☆77 Dec 30, 2020 Updated 5 years ago
- Out-of-the-Box Tool to Obfuscate Excel XLS. Include Obfuscation & Hide for Cell Labels & BoundSheets ☆48 Aug 4, 2021 Updated 4 years ago
- Metamorphic Code Generator & Loader ☆15 Dec 7, 2020 Updated 5 years ago
- ☆52 Dec 11, 2019 Updated 6 years ago
- Loading and executing shellcode in C# without PInvoke. ☆22 Jan 10, 2022 Updated 4 years ago
- SLib is a sandbox evasion library that implements some of the checks from https://evasions.checkpoint.com in C# ☆66 Aug 29, 2023 Updated 2 years ago
- Simple POC of Voice C2 using Speech Recognition ☆13 Apr 27, 2022 Updated 3 years ago
- Cheat sheets ☆10 Jul 4, 2016 Updated 9 years ago
- Aggressor script to integrate Phant0m with Cobalt Strike ☆27 Jun 8, 2017 Updated 8 years ago
- Call your own DLL from VBA and execute code under process svchost.exe with WMI ☆12 Mar 6, 2020 Updated 5 years ago
- Bypass UAC at any level by abusing the Task Scheduler and environment variables ☆35 Jul 12, 2021 Updated 4 years ago
- ☆26 May 22, 2021 Updated 4 years ago
- C# project to create or modify existing LNKs ☆54 Oct 18, 2022 Updated 3 years ago
- PoC for UUID shellcode execution using DInvoke ☆155 Mar 8, 2021 Updated 4 years ago
- Find injectable processes ☆13 Jul 16, 2020 Updated 5 years ago
- C++ implementation of DOUBLEPULSAR usermode shellcode. Yet another Reflective DLL loader. ☆31 Nov 9, 2021 Updated 4 years ago
- Hashcat Rules processor ☆14 Mar 22, 2023 Updated 2 years ago
- Deobfuscation of XorStringsNet ☆14 Nov 5, 2024 Updated last year
- Code samples of .NET shellcode injections, weaponized for use via WebDav and mshta.exe. ☆37 Jan 23, 2020 Updated 6 years ago
- inject and run code into arbitrary process (x86 and x64) ☆14 Oct 20, 2021 Updated 4 years ago
- Bypass UAC by abusing the Security Center CPL and hijacking a shell protocol handler ☆30 Jul 12, 2021 Updated 4 years ago
- Trigen is a Python script which uses different combinations of Win32 function calls in generated VBA to execute shellcode. ☆203 Jul 2, 2017 Updated 8 years ago
- A C# Tool to gather information about email breaches ☆16 Dec 21, 2023 Updated 2 years ago
- Just another Process Injection using Process Hollowing technique. ☆18 Sep 18, 2023 Updated 2 years ago
- ☆13 Oct 20, 2021 Updated 4 years ago
- Reflective shellcode runners using obfuscated Win32 APIs in C# and C++ (GetProcAddress & GetModuleHandle). For penetration testing. ☆15 Jul 17, 2025 Updated 7 months ago
- A simple PoC to demonstrate that it is possible to write non-writable memory and execute non-executable memory on Windows ☆52 Jun 14, 2021 Updated 4 years ago
- ☆14 Sep 22, 2019 Updated 6 years ago
- inject shellcode into remote process via message hook ☆15 Oct 28, 2020 Updated 5 years ago
- freeBokuLoader fork which targets and frees Metsrv's initial reflective DLL package ☆35 Mar 28, 2023 Updated 2 years ago
- Using "svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc" as trigger ☆58 Oct 7, 2020 Updated 5 years ago
- subTee gists code backups ☆37 Dec 19, 2017 Updated 8 years ago
- A collection of Cobalt Strike Malleable C2 profiles ☆36 Oct 13, 2020 Updated 5 years ago
- I used this to see if an EDR is running in Safe Mode ☆36 Feb 13, 2021 Updated 5 years ago
- An example of using Syscalls in C# to get a meterpreter shell. ☆112 Oct 7, 2021 Updated 4 years ago
- Modular C2 server to tame your pack of wolves ☆21 Jan 7, 2026 Updated last month
- AmsiHook is a project I created to figure out a bypass to AMSI via function hooking. ☆67 Jun 14, 2020 Updated 5 years ago
- An Ansible role to install cobalt-strike ☆16 Aug 24, 2020 Updated 5 years ago
- Cobalt Strike BOFS ☆16 Dec 20, 2023 Updated 2 years ago