Another version of a .NET loader that provides capabilities for bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies
☆50 · Jul 6, 2025 · Updated 7 months ago
Alternatives and similar repositories for VEHNetLoader
Users that are interested in VEHNetLoader are comparing it to the libraries listed below
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow ☆18 · Jun 26, 2025 · Updated 8 months ago
- Bypassing Amsi using LdrLoadDll ☆47 · Jan 8, 2025 · Updated last year
- Misery Loader to bypass modern EDR solutions ☆18 · Dec 20, 2024 · Updated last year
- Executing Kernel Routines via Syscall Table Hijack (Kernel Code Execution) ☆57 · Jun 15, 2025 · Updated 8 months ago
- Utilizing an MCP Server to communicate with your C2 ☆86 · May 15, 2025 · Updated 9 months ago
- A proof-of-concept to demonstrate randomized execution paths and their impact on call stack signatures — ideal for EDR testing, behavior-… ☆23 · Jan 17, 2026 · Updated last month
- Measures average CPU cycles for the CPUID instruction to detect if the code is running in a VM by comparing against a threshold. ☆21 · Apr 21, 2025 · Updated 10 months ago
- A 64 bit executable junk code engine for polymorphic malware. ☆76 · Jun 16, 2025 · Updated 8 months ago
- Locate dlls and function addresses without PEB Walk and EAT parsing ☆104 · Nov 7, 2025 · Updated 3 months ago
- Commandline spoofing on Windows ☆94 · Nov 25, 2025 · Updated 3 months ago
- 「⚔️」Ring 0 Rootkit for Linux Kernels x86/x86_64 5.x/6.x ☆27 · Apr 10, 2025 · Updated 10 months ago
- This technique leverages PowerShell's .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit typ… ☆52 · May 16, 2025 · Updated 9 months ago
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral movements, p… ☆199 · Dec 30, 2025 · Updated last month
- Random BOFs for LDAP tradecraft ☆73 · Sep 9, 2025 · Updated 5 months ago
- Yet another shellcode loader - but a sneaky one ☆25 · Apr 16, 2025 · Updated 10 months ago
- Code execution/injection technique using DLL PEB module structure manipulation ☆221 · Jun 4, 2025 · Updated 8 months ago
- Permanently disable EDRs as local admin ☆125 · Dec 19, 2025 · Updated 2 months ago
- Best Repo for learning DDOS (Send me Stars ⭐) ☆36 · Feb 5, 2026 · Updated 3 weeks ago
- .NET Post-Exploitation Utility for Abusing Strong Explicit Certificate Mappings in ADCS ☆150 · Feb 10, 2025 · Updated last year
- Attacking the cleanup_module function of a kernel module ☆57 · Jun 30, 2025 · Updated 7 months ago
- Stealthy x64 thread manipulation library for calling functions inside target processes without creating remote threads or installing hook… ☆59 · Oct 10, 2025 · Updated 4 months ago
- RunAs Utility Credential Stealer implementing 3 techniques: Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging ☆203 · Mar 6, 2025 · Updated 11 months ago
- Find interesting files stored on (System Center) Configuration Manager (SCCM/CM) shares via HTTP(s) ☆209 · Sep 30, 2024 · Updated last year
- Obex – Blocking unwanted DLLs in user mode ☆281 · Sep 18, 2025 · Updated 5 months ago
- .NET assembly loader with patchless AMSI and ETW bypass ☆368 · Apr 19, 2023 · Updated 2 years ago
- Encrypt any C# binary or bin file ☆12 · Aug 1, 2024 · Updated last year
- Decrypt Matrix42 Empirum /EIS Passwords ☆14 · Mar 31, 2021 · Updated 4 years ago
- Offensive toolkit and BloodHound graph creator for DPAPI blobs and master key files ☆14 · Jan 10, 2026 · Updated last month
- A small experiment on assigning a process's threads a specific CPU and then blocking it with a high priority thread ☆30 · Sep 24, 2025 · Updated 5 months ago
- Bypasses AMSI protection through remote memory patching and parsing technique. ☆54 · May 12, 2025 · Updated 9 months ago
- This repository will contain source codes from the Tradecraft improvement blog series ☆13 · Mar 27, 2025 · Updated 11 months ago
- A small How-To on creating your own weaponized WSL file ☆121 · Jul 23, 2025 · Updated 7 months ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking. ☆84 · Aug 13, 2024 · Updated last year
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects ☆137 · Apr 6, 2025 · Updated 10 months ago
- A Python POC for CRED1 over SOCKS5 ☆164 · Oct 5, 2024 · Updated last year
- A fucking real shellcode loader with a GUI. Work-in-Progress. ☆82 · Jun 25, 2025 · Updated 8 months ago