oh-az / NoArgsView external linksLinks
NoArgs is a tool designed to dynamically spoof and conceal process arguments while staying undetected. It achieves this by hooking into Windows APIs to dynamically manipulate the Windows internals on the go. This allows NoArgs to alter process arguments discreetly.
☆155May 7, 2024Updated last year
Alternatives and similar repositories for NoArgs
Users that are interested in NoArgs are comparing it to the libraries listed below
Sorting:
- An interactive shell to spoof some LOLBins command line☆188Jan 27, 2024Updated 2 years ago
- Admin to Kernel code execution using the KSecDD driver☆264Apr 19, 2024Updated last year
- Hide your P/Invoke signatures through other people's signed assemblies☆211Mar 10, 2024Updated last year
- A beacon object file implementation of PoolParty Process Injection Technique.☆432Dec 21, 2023Updated 2 years ago
- A BOF that runs unmanaged PEs inline☆678Oct 23, 2024Updated last year
- .net config loader☆348Nov 9, 2023Updated 2 years ago
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti…☆212Jun 10, 2024Updated last year
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…☆167May 30, 2024Updated last year
- Patching "signtool.exe" to accept expired certificates for code-signing.☆340Feb 2, 2026Updated last week
- A C# port from Invoke-GhostTask☆119Jan 5, 2024Updated 2 years ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆408Jan 11, 2026Updated last month
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.☆282Apr 6, 2025Updated 10 months ago
- Local & remote Windows DLL Proxying☆170Jun 17, 2024Updated last year
- Lockless BOF☆79May 2, 2025Updated 9 months ago
- Lifetime AMSI bypass by @ZeroMemoryEx ported to .NET Framework 4.8☆351Aug 29, 2024Updated last year
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…☆591Jun 12, 2024Updated last year
- Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)☆698May 7, 2025Updated 9 months ago
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.☆202Dec 27, 2023Updated 2 years ago
- Yet another C++ Cobalt Strike beacon dropper with Compile-Time API hashing and custom indirect syscalls execution☆198May 29, 2025Updated 8 months ago
- Indirect syscalls + DInvoke made simple.☆96Dec 24, 2024Updated last year
- C++ self-Injecting dropper based on various EDR evasion techniques.☆425Feb 11, 2024Updated 2 years ago
- Small toolkit for extracting information and dumping sensitive strings from Windows processes☆116Jul 17, 2024Updated last year
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆325Apr 12, 2024Updated last year
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆63Mar 19, 2024Updated last year
- ROP-based sleep obfuscation to evade memory scanners☆375Jun 22, 2025Updated 7 months ago
- Simulate the behavior of AV/EDR for malware development training.☆562Feb 15, 2024Updated last year
- Process injection alternative☆404Sep 6, 2024Updated last year
- Linux Sleep Obfuscation☆107Jan 7, 2024Updated 2 years ago
- Modified versions of the Cobalt Strike Process Injection Kit☆105Jan 24, 2024Updated 2 years ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Jul 12, 2024Updated last year
- A POC to disable TamperProtection and other Defender / MDE components☆253Jun 6, 2024Updated last year
- Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process☆286Jan 21, 2024Updated 2 years ago
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!☆534May 9, 2025Updated 9 months ago
- Amazing whoami alternatives☆141Mar 23, 2024Updated last year
- Collection of UAC Bypass Techniques Weaponized as BOFs☆603Feb 21, 2024Updated last year
- Various one-off pentesting projects written in Nim. Updates happen on a whim.☆162Jul 14, 2025Updated 6 months ago
- .NET assembly loader with patchless AMSI and ETW bypass☆366Apr 19, 2023Updated 2 years ago
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)☆144Mar 16, 2024Updated last year