naksyn / ModuleShifting
Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctypes
☆109Updated last year
Alternatives and similar repositories for ModuleShifting:
Users that are interested in ModuleShifting are comparing it to the libraries listed below
- ☆134Updated last year
- ☆115Updated last year
- Simple BOF to read the protection level of a process☆114Updated last year
- Lateral Movement via the .NET Profiler☆79Updated 2 months ago
- Patch AMSI and ETW in remote process via direct syscall☆81Updated 2 years ago
- ☆180Updated last year
- Implant drop-in for EDR testing☆134Updated last year
- ☆74Updated last year
- ☆92Updated 3 weeks ago
- ☆120Updated last year
- Malware?☆69Updated 4 months ago
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post☆89Updated 2 years ago
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆147Updated last year
- ☆122Updated 5 months ago
- I have documented all of the AMSI patches that I learned till now☆71Updated last year
- Do some DLL SideLoading magic☆78Updated last year
- C# havoc implant☆97Updated 2 years ago
- ☆28Updated 5 months ago
- Find DLLs with RWX section☆76Updated last year
- NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg☆46Updated 11 months ago
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆111Updated last year
- A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints☆69Updated 3 weeks ago
- AzureAD beacon object files☆108Updated last month
- BOF with Synthetic Stackframe☆106Updated 3 weeks ago
- ☆61Updated 2 years ago
- Just another C2 Redirector using CloudFlare.☆85Updated 9 months ago
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.☆85Updated 7 months ago
- ☆123Updated last year