oldboy21 / SyscallMeMaybe
Implementation of Indirect Syscall technique to pop a calc.exe
☆102Updated last year
Alternatives and similar repositories for SyscallMeMaybe
Users that are interested in SyscallMeMaybe are comparing it to the libraries listed below
Sorting:
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆84Updated 2 years ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆100Updated 2 years ago
- I have documented all of the AMSI patches that I learned till now☆72Updated last month
- ☆123Updated last year
- ☆49Updated 2 years ago
- A 64-bit, position-independent code reverse TCP shell for Windows — built in Rust.☆64Updated 2 weeks ago
- TypeLib persistence technique☆115Updated 6 months ago
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆119Updated 2 years ago
- ☆80Updated last year
- ApexLdr is a DLL Payload Loader written in C☆108Updated 9 months ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆118Updated 3 months ago
- A basic C2 framework written in C☆61Updated 10 months ago
- ☆142Updated last year
- Threadless shellcode injection tool☆64Updated 9 months ago
- A nice process dumping tool☆81Updated 2 years ago
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique☆153Updated last year
- ☆99Updated last year
- ☆58Updated 3 months ago
- ☆61Updated 11 months ago
- ☆109Updated 3 months ago
- lsassdump via RtlCreateProcessReflection and NanoDump☆82Updated 6 months ago
- Patch AMSI and ETW in remote process via direct syscall☆81Updated 3 years ago
- bring your own vulnerable driver☆95Updated last year
- ☆36Updated 2 years ago
- Library of BOFs to interact with SQL servers☆163Updated last month
- ☆158Updated 2 years ago
- ☆36Updated 2 years ago
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆47Updated last year
- ☆126Updated 8 months ago
- It stinks☆102Updated 3 years ago