A Proof of Concept Rootkit Demonstrating Keylogging and Virtual File System (VFS) Capabilities
☆77Sep 21, 2022Updated 3 years ago
Alternatives and similar repositories for INTRACTABLEGIRAFFE
Users that are interested in INTRACTABLEGIRAFFE are comparing it to the libraries listed below
Sorting:
- ☆78Oct 18, 2022Updated 3 years ago
- Dangling COM Keys Finder☆17Nov 16, 2021Updated 4 years ago
- Windows RPC example calling stubs generated from MS-LSAT and MS-LSAD☆28Jan 4, 2024Updated 2 years ago
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.☆243Sep 26, 2023Updated 2 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- Small tool to play with IOCs caused by Imageload events☆44May 14, 2023Updated 2 years ago
- A small Aggressor script to help Red Teams identify foreign processes on a host machine☆84Jan 6, 2023Updated 3 years ago
- Python module for running BOFs☆80Nov 28, 2025Updated 3 months ago
- improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys☆49Mar 10, 2023Updated 2 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115May 21, 2023Updated 2 years ago
- ☆124May 12, 2021Updated 4 years ago
- Just another casual shellcode native loader☆25Feb 3, 2022Updated 4 years ago
- It stinks☆103Apr 22, 2022Updated 3 years ago
- idk man this was the default github name☆35Apr 23, 2023Updated 2 years ago
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi…☆19Apr 24, 2023Updated 2 years ago
- ☆224Oct 22, 2023Updated 2 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆203Jun 6, 2024Updated last year
- Splitting and executing shellcode across multiple pages☆103Jun 8, 2023Updated 2 years ago
- Shaco is a linux agent for havoc☆170Oct 25, 2023Updated 2 years ago
- Select any exported function in a dll as the new dll's entry point.☆81Oct 25, 2024Updated last year
- Take back control of Windows Code Integrity, no exploits or patching required! Requires that you control your own Platform Key (PK).☆52Aug 22, 2022Updated 3 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆23Nov 22, 2021Updated 4 years ago
- ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind…☆172Aug 1, 2023Updated 2 years ago
- A PoC implementation for dynamically masking call stacks with timers.☆309Feb 13, 2023Updated 3 years ago
- x64 Registration-Free In-Process COM Automation Server.☆51Nov 28, 2022Updated 3 years ago
- A spiritual .NET equivalent to the Gargoyle memory scanning evasion technique☆52Dec 6, 2018Updated 7 years ago
- Apply a divide and conquer approach to bypass EDRs☆286Oct 19, 2023Updated 2 years ago
- Using fibers to run in-memory code.☆243Oct 19, 2023Updated 2 years ago
- ☆17Oct 31, 2022Updated 3 years ago
- XOR decrypting shellcode using the GPU with OpenCL.☆120May 22, 2025Updated 9 months ago
- Hide memory artifacts using ROP and hardware breakpoints.☆145Oct 20, 2023Updated 2 years ago
- Tools and PoCs for Windows syscall investigation.☆367Dec 2, 2025Updated 3 months ago
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆180Feb 10, 2023Updated 3 years ago
- For when DLLMain is the only way☆424Oct 29, 2024Updated last year
- Create file system symbolic links from low privileged user accounts within PowerShell☆94Jun 20, 2022Updated 3 years ago
- ☆84Aug 26, 2024Updated last year
- A tool to find folders excluded from AV real-time scanning using a time oracle☆233Feb 13, 2024Updated 2 years ago
- ☆101Oct 7, 2023Updated 2 years ago
- ☆59Jun 8, 2022Updated 3 years ago