nothingspecialforu / EvtPsstLinks
EvtPsst
☆55Updated 2 years ago
Alternatives and similar repositories for EvtPsst
Users that are interested in EvtPsst are comparing it to the libraries listed below
Sorting:
- ☆60Updated last year
- Section-based payload obfuscation technique for x64☆64Updated last year
- A pure C version of SymProcAddress☆30Updated last year
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve☆78Updated last year
- miscellaneous codes☆35Updated 2 years ago
- A more reliable way of resolving syscall numbers in Windows☆52Updated last year
- in-process powershell runner for BRC4☆47Updated last year
- BOF for C2 framework☆44Updated 11 months ago
- ☆47Updated 2 years ago
- malleable profile generator GUI for Havoc☆55Updated 2 years ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Updated last year
- ☆58Updated last year
- early cascade injection PoC based on Outflanks blog post, in rust☆60Updated 11 months ago
- DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable☆57Updated last year
- 「⚙️」Detect which native Windows API's (NtAPI) are being hooked☆38Updated 10 months ago
- Just another ntdll unhooking using Parun's Fart technique☆75Updated 2 years ago
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity)☆51Updated last year
- Select any exported function in a dll as the new dll's entry point.☆81Updated last year
- a variety of tools,scripts and techniques developed and shared with different programming languages by 0xsp Lab☆64Updated 9 months ago
- This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for loc…☆55Updated 2 years ago
- lsassdump via RtlCreateProcessReflection and NanoDump☆83Updated last year
- Hunting and injecting RWX 'mockingjay' DLLs in pure nim☆59Updated 10 months ago
- Find DLLs with RWX section☆80Updated 2 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated 2 years ago
- ☆108Updated 11 months ago
- ☆36Updated last year
- ☆48Updated 2 years ago
- ☆77Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆84Updated last year
- ☆37Updated 6 months ago