A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow
☆18Jun 26, 2025Updated 8 months ago
Alternatives and similar repositories for TrampoLatte
Users that are interested in TrampoLatte are comparing it to the libraries listed below
Sorting:
- Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies☆50Jul 6, 2025Updated 8 months ago
- ☆54Oct 13, 2025Updated 4 months ago
- ☆14Jul 26, 2025Updated 7 months ago
- Offensive toolkit and BloodHound graph creator for DPAPI blobs and master key files☆14Jan 10, 2026Updated last month
- Just a nice little shellcode loader using unconventional methods to avoid using signatured APIs☆23Jul 11, 2025Updated 7 months ago
- Proof-of-concept code for understanding the allow-jit entitlement on macOS☆30Feb 19, 2026Updated 2 weeks ago
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆167Sep 22, 2025Updated 5 months ago
- Show the time in Roman Numerals☆11Jan 23, 2020Updated 6 years ago
- A Patchless AMSI Bypass Technique using VEH²☆30Jun 22, 2025Updated 8 months ago
- Utilizng an MCP Server to communicate with your C2☆86May 15, 2025Updated 9 months ago
- SafeCrypt is an academic ransomware simulation suite developed for Red Team engagements. It demonstrates modern malware techniques includ…☆32Oct 3, 2025Updated 5 months ago
- Find world writable directories that contain a .exe or .dll file☆13Aug 31, 2021Updated 4 years ago
- ☆50Jun 4, 2025Updated 9 months ago
- Shellcode Loader using indirect syscalls☆16Jan 21, 2024Updated 2 years ago
- Command Augmentation support for BOFs and .NET assemblies across agents☆40Feb 17, 2026Updated 2 weeks ago
- Windows Defender Manager is a tool that helps stop Windows Defender. It works with the Antimalware Service Executable of all versions of …☆43Jan 18, 2025Updated last year
- Repository for dirty scripts and PoCs☆20Feb 18, 2025Updated last year
- Novel Windows process injection: assembles existing open handles (process & thread), natural RWX regions, and special user APC (NtQueueAp…☆63Feb 17, 2026Updated 2 weeks ago
- ☆20Nov 6, 2023Updated 2 years ago
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects☆138Apr 6, 2025Updated 11 months ago
- Terms of Use Conditional Access M365 Evilginx Phishlet☆44Jun 23, 2025Updated 8 months ago
- Bypassing Amsi using LdrLoadDll☆47Jan 8, 2025Updated last year
- reverse engineering random malwares☆22Feb 1, 2025Updated last year
- A C# tool for extracting information from SCCM PXE boot media.☆51Jan 14, 2026Updated last month
- An Ansible collection that installs an ADFS deployment with optional configurations.☆44Dec 19, 2025Updated 2 months ago
- Sleep Obfuscation☆45Oct 13, 2022Updated 3 years ago
- Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …☆49Nov 2, 2025Updated 4 months ago
- A hacky way of getting cross-arch/platform support in Cobalt Strike☆37Aug 31, 2025Updated 6 months ago
- a BOF implementation of various registry persistence methods☆94Nov 11, 2025Updated 3 months ago
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniques☆95Aug 21, 2025Updated 6 months ago
- a demo module for the kaine agent to execute and inject assembly modules☆41Aug 28, 2024Updated last year
- Grab Firefox post requests by hooking PR_Write function from nss3.dll module using trampoline hook to get passwords and emails of users☆42Oct 5, 2022Updated 3 years ago
- 「⚔️」Ring 0 Rootkit for Linux Kernels x86/x86_64 5.x/6.x☆27Apr 10, 2025Updated 10 months ago
- Demonstrates consuming from a SecurityTrace ETW session by consuming from the Threat-Intelligence ETW provider without a driver or PPL pr…☆64Jan 19, 2026Updated last month
- Proof-of-Concept code snippets for a variety of different process injection techniques☆23Feb 2, 2023Updated 3 years ago
- Docker container for running CobaltStrike 4.7 and above☆24Mar 20, 2025Updated 11 months ago
- Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability☆24Feb 5, 2025Updated last year
- stack based arithmetic only virtual machine (VM) executes bytecode instructions to perform various basic arithmetic operations and manage…☆27Mar 19, 2025Updated 11 months ago
- Easy peasy file uploads☆32Aug 29, 2025Updated 6 months ago