nothingspecialforu / EvtPsst
EvtPsst
☆53 · Updated 10 months ago
Related projects:
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes, making it useless ☆39 · Updated 2 months ago
- ☆47 · Updated last year
- ☆57 · Updated 9 months ago
- ☆33 · Updated last year
- A pure C version of SymProcAddress ☆23 · Updated 6 months ago
- ☆27 · Updated 3 months ago
- Determine if the WebClient Service (WebDAV) is running on a remote system ☆15 · Updated 6 months ago
- Section-based payload obfuscation technique for x64 ☆59 · Updated last month
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve ☆72 · Updated last month
- A more reliable way of resolving syscall numbers in Windows ☆49 · Updated 7 months ago
- ☆45 · Updated last year
- Hooked create process injection for meterpreter ☆23 · Updated 3 years ago
- ☆38 · Updated this week
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR. ☆14 · Updated last year
- Just another ntdll unhooking using Parun's Fart technique ☆70 · Updated last year
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE. ☆32 · Updated 8 months ago
- idk man this was the default github name ☆35 · Updated last year
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR. ☆37 · Updated last year
- Some of the presentations, workshops, and labs I gave at public conferences. ☆21 · Updated last week
- malleable profile generator GUI for Havoc ☆53 · Updated last year
- ☆62 · Updated last month
- Utilities for obfuscating shellcode ☆38 · Updated 2 months ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly ☆50 · Updated 6 months ago
- Rewrite to fit my needs ☆25 · Updated 2 months ago
- Red Team Operation's Defense Evasion Technique. ☆50 · Updated 3 months ago
- These are the slide decks and source code for Brute Ratel Seminar conducted on 24th August 2023. The youtube video for the seminar can be… ☆18 · Updated last year
- ☆57 · Updated this week
- yet another sleep encryption thing. also used the default github repo name for this one. ☆69 · Updated last year
- Sleep Obfuscation ☆39 · Updated last year
- Windows Thread Pool Injection Havoc Implementation ☆26 · Updated 5 months ago