A rust proof of concept to demonstrate registry overwriting via RegRestoreKey using the Offline Registry Library
☆24Nov 13, 2025Updated 3 months ago
Alternatives and similar repositories for Regstoration
Users that are interested in Regstoration are comparing it to the libraries listed below
Sorting:
- An example of an external LLVM plugin module transform pass for the latest versions.☆14Oct 21, 2025Updated 4 months ago
- ☆14Dec 26, 2024Updated last year
- Slides for COM Hijacking AV/EDR Talk on 38c3☆75Jan 3, 2025Updated last year
- Section-based payload obfuscation technique for x64☆64Aug 8, 2024Updated last year
- A synergized Visual Studio and Rust development environment☆19Jan 25, 2025Updated last year
- Mentally ill EtwTi parser☆68Jan 11, 2026Updated last month
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution☆44Oct 11, 2025Updated 4 months ago
- Help red teams find opsec processes during engagements☆42Dec 7, 2024Updated last year
- Beacon Debugger☆55Oct 28, 2024Updated last year
- A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread☆30Sep 24, 2025Updated 5 months ago
- 在线安软识别☆12Aug 6, 2025Updated 7 months ago
- Leveraging TPM2 TCG Logs (Measured Boot) to Detect UEFI Drivers and Pre-Boot Applications☆22Mar 28, 2025Updated 11 months ago
- Enable EFS service as low priv user (PE & BOF)☆21Jul 6, 2025Updated 8 months ago
- ☆53Mar 26, 2025Updated 11 months ago
- Parses cached certificate templates from a Windows Registry file and displays them in the same style as Certipy does☆95Jul 3, 2025Updated 8 months ago
- ☆13Jan 22, 2025Updated last year
- Arbitrary command execution on Open Folder via .vscode/tasks.json☆33Jan 19, 2026Updated last month
- A tracker DLL which enables 'NTAPI->Syscall' tracking whenever it is loaded. It calls 'NtSetInformationProcess' API call with a callback …☆14Oct 21, 2024Updated last year
- Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a…☆93Jul 7, 2025Updated 8 months ago
- A Windows C++ OLE/COM Object explorer written in WTL.☆16Feb 28, 2025Updated last year
- TL-NodeJsShell 是一个为安全专业人员和渗透测试人员设计的综合性 WebShell 管理平台。它提供了一个现代化的 Web 界面,用于管理基于 Node.js 的 Shell,具有内存马注入、命令执行、文件管理和代理支持等高级功能。☆81Dec 12, 2025Updated 2 months ago
- System Call Integrity Layer - experimental security research☆25Jan 31, 2026Updated last month
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.☆34Jun 23, 2024Updated last year
- early cascade injection PoC based on Outflanks blog post, in rust☆62Nov 8, 2024Updated last year
- A lightweight test harness designed to speed up shellcode development by providing an execution environment with integrated crash diagnos…☆43Jan 15, 2026Updated last month
- A Rust template for writing Beacon Object Files (BOFs)☆101Feb 11, 2026Updated 3 weeks ago
- Using DLL sideloading to hijack the exe main thread before starting it! 使用dll侧载在exe程序主线程启动之前劫持主线程。☆26Jul 25, 2025Updated 7 months ago
- BadExclusionsNWBO is an evolution from BadExclusions to identify folder custom or undocumented exclusions on AV/EDR☆75Feb 9, 2024Updated 2 years ago
- Validates priv escalation of AD trusts☆47Apr 1, 2025Updated 11 months ago
- BYOVD: Use 360 WFP driver to block EDR/XDR network connection.☆103Feb 10, 2026Updated 3 weeks ago
- A runtime for developing large-scale and complex shellcode.☆22Updated this week
- This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-…☆17Sep 26, 2025Updated 5 months ago
- Dll injection through code page id modification in registry. Based on jonas lykk research☆17Jun 18, 2022Updated 3 years ago
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven☆263Oct 16, 2024Updated last year
- A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and …☆191Apr 26, 2025Updated 10 months ago
- a demo module for the kaine agent to execute and inject assembly modules☆41Aug 28, 2024Updated last year
- A .NET assembly tracer using Harmony for runtime method interception.☆50Oct 24, 2025Updated 4 months ago
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in …☆55Dec 30, 2025Updated 2 months ago
- ANY.RUN sandbox detection collection☆23Aug 21, 2024Updated last year