naksyn / ModuleShifting

Related projects ⓘ

Alternatives and complementary repositories for ModuleShifting

• realoriginal / titanldr-ng
  A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge …
  ☆159Updated last year
• passthehashbrowns / BOFMask
  ☆108Updated last year
• mansk1es / GhostFart
  ☆133Updated last year
• Octoberfest7 / enumhandles_BOF
  ☆116Updated 2 months ago
• nettitude / Tartarus-TpAllocInject
  ☆173Updated 11 months ago
• securifybv / BOFRyptor
  ☆118Updated last year
• 0prrr / Malwear-Sweet
  Malware?
  ☆69Updated last month
• rasta-mouse / PPEnum
  Simple BOF to read the protection level of a process
  ☆104Updated last year
• realoriginal / foliage
  A proof of concept I developed to improve Gargoyle back in 2018 to achieve true memory obfuscation from position independent code
  ☆39Updated last month
• zimnyaa / noWatch
  Implant drop-in for EDR testing
  ☆127Updated 11 months ago
• Hagrid29 / RemotePatcher
  Patch AMSI and ETW in remote process via direct syscall
  ☆77Updated 2 years ago
• reveng007 / ReflectiveNtdll
  A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…
  ☆165Updated last year
• ChoiSG / OneDriveUpdaterSideloading
  Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post
  ☆86Updated 2 years ago
• MaorSabag / SideLoadingDLL
  Do some DLL SideLoading magic
  ☆74Updated last year
• eversinc33 / Godmode
  Tool for playing with Windows Access Token manipulation.
  ☆51Updated last year
• ZERODETECTION / MSC_Dropper
  ☆125Updated 3 months ago
• MayerDaniel / profiler-lateral-movement
  Lateral Movement via the .NET Profiler
  ☆73Updated 5 months ago
• xforcered / BOFMask
  ☆117Updated last year
• ScriptIdiot / SysmonQuiet
  RDLL for Cobalt Strike beacon to silence sysmon process
  ☆85Updated 2 years ago
• oldboy21 / JayFinder
  Find DLLs with RWX section
  ☆75Updated last year
• Idov31 / NidhoggScript
  NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg
  ☆47Updated 8 months ago
• SaadAhla / D1rkSleep
  Improved version of EKKO by @5pider that Encrypts only Image Sections
  ☆113Updated last year
• reveng007 / AMSI-patches-learned-till-now
  I have documented all of the AMSI patches that I learned till now
  ☆68Updated last year
• naksyn / ProcessStomping
  A variation of ProcessOverwriting to execute shellcode on an executable's section
  ☆145Updated 10 months ago
• S4ntiagoP / donut
  Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…
  ☆110Updated last year
• SECFORCE / SharpWhispers
  C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub.
  ☆101Updated last year
• x42en / sysplant
  Your syscall factory
  ☆122Updated last month
• bohops / DynamicDotNet
  A collection of various and sundry code snippets that leverage .NET dynamic tradecraft
  ☆134Updated 5 months ago
• michaelweber / CSharpSourceObfuscator
  A C# Solution Source Obfuscator for avoiding AV signatures with minimal user interaction. Powered by the Roslyn C# library.
  ☆69Updated 4 years ago
• som3canadian / Cloudflare-Redirector
  Just another C2 Redirector using CloudFlare.
  ☆78Updated 5 months ago