oldboy21 / SyscallMeMaybe
Implementation of Indirect Syscall technique to pop a calc.exe
☆82Updated 7 months ago
Related projects: ⓘ
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆76Updated last year
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆93Updated last year
- ☆67Updated this week
- ☆73Updated 10 months ago
- ☆99Updated this week
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆41Updated 6 months ago
- ☆50Updated last year
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆110Updated last year
- I have documented all of the AMSI patches that I learned till now☆66Updated last year
- ☆132Updated last year
- ☆94Updated 11 months ago
- In-memory sleep encryption and heap encryption for Go applications through a shellcode function.☆39Updated 8 months ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆55Updated last year
- A basic C2 framework written in C☆53Updated 2 months ago
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar☆106Updated last month
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader☆75Updated 6 months ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆67Updated 7 months ago
- Modified versions of the Cobalt Strike Process Injection Kit☆85Updated 7 months ago
- ApexLdr is a DLL Payload Loader written in C☆98Updated 2 months ago
- Library of BOFs to interact with SQL servers☆143Updated 3 months ago
- It stinks☆99Updated 2 years ago
- Threadless shellcode injection tool☆56Updated last month
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique☆147Updated 10 months ago
- ☆116Updated last year
- ☆79Updated 2 weeks ago
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".☆74Updated last year
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe…☆47Updated 2 years ago
- A simple BOF that frees UDRLs☆106Updated 2 years ago
- ☆100Updated this week
- ☆56Updated 7 months ago