qwqdanchun / Malware-Note

Related projects ⓘ

Alternatives and complementary repositories for Malware-Note

• qwqdanchun / ScreenShot-BOF
  ☆39Updated last year
• Cobalt-Strike / sleepmask-vs
  A simple Sleepmask BOF example
  ☆53Updated 2 months ago
• gavz / ExplorerPersist
  Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when …
  ☆78Updated last year
• exploitblizzard / Syscall-Example
  Using syscall to load shellcode, Evasion techniques
  ☆26Updated 3 years ago
• su1s / encryptor
  Windows shellcode encoding and encrypting tool
  ☆20Updated 2 years ago
• DamonMohammadbagher / NativePayload_PE1
  NativePayload_PE1/PE2 , Injecting Meterpreter Payload bytes into local Process via Delegation Technique + in-memory with delay Changing R…
  ☆57Updated last year
• Mav3rick33 / ZenLdr
  Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature
  ☆95Updated last year
• N3agu / Akame-Loader
  Akame is an open-source, UD shellcode loader written in C++17.
  ☆19Updated 4 months ago
• ASkyeye / FilelessRemotePE
  Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique
  ☆61Updated 2 years ago
• LuxNoBulIshit / Smug_Fu3k
  ☆51Updated 2 years ago
• WKL-Sec / StackMask
  A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.
  ☆55Updated last year
• ProcessusT / UnhookingDLL
  This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…
  ☆67Updated 9 months ago
• EspressoCake / DLL-Exports-Extraction-BOF
  DLL Exports Extraction BOF with optional NTFS transactions.
  ☆78Updated 3 years ago
• c3r3br4t3 / ShadowRDP
  ☆62Updated 9 months ago
• qwqdanchun / RainbowSheep
  Change hash for a signed pe
  ☆15Updated last year
• Yair-Men / Passenger
  ProcExp Driver (Ab)use
  ☆20Updated last year
• WKL-Sec / Winsocky
  Winsocket for Cobalt Strike.
  ☆98Updated last year
• MastMind / PE-infector
  Crossplatform tool for inject shellcode into .exe and .dll binaries (x86 and x64)
  ☆53Updated 6 months ago
• kyxiaxiang / AV_EDR_EPP_Notes
  ☆44Updated 7 months ago
• zha0gongz1 / Windows-ReverseShell
  Simple reverse shell to avoid Windows defender and kaspersky detection
  ☆18Updated 2 years ago
• ProcessusT / SharpVenoma
  CSharp reimplementation of Venoma, another C++ Cobalt Strike beacon dropper with custom indirect syscalls execution
  ☆40Updated 7 months ago
• Octoberfest7 / Cohab_Processes
  A small Aggressor script to help Red Teams identify foreign processes on a host machine
  ☆81Updated last year
• EvilBytecode / Nyx-Full-Dll-Unhook
  (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.
  ☆15Updated 3 months ago
• Offensive-Panda / on-disk-detection-bypass
  Direct syscalls Injection to bypass AV/EDR
  ☆11Updated 6 months ago
• ShadowMccc / MemoryEvasion
  A Cobalt Strike memory evasion loader for redteamers
  ☆95Updated last year
• ScriptIdiot / sleepmask_PatchlessHook
  Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW
  ☆78Updated last year
• florylsk / NtDump
  Indirect NT syscalls LSASS dumper.
  ☆36Updated last year
• Offensive-Panda / D3MPSEC
  "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…
  ☆22Updated 2 months ago