realoriginal / titanldr-ng
A newer iteration of TitanLdr with some newer hooks and design. A generic user defined reflective DLL I built to prove a point to Mudge years ago.
☆151 · Updated last year
Related projects:
- Patch AMSI and ETW in remote process via direct syscall ☆78 · Updated 2 years ago
- ☆105 · Updated last year
- ☆132 · Updated last year
- Single stub direct and indirect syscalling with runtime SSN resolving for Windows. ☆126 · Updated 2 years ago
- Malware? ☆69 · Updated 2 months ago
- Simple BOF to read the protection level of a process ☆101 · Updated last year
- Implant drop-in for EDR testing ☆126 · Updated 10 months ago
- ☆99 · Updated 2 weeks ago
- Improved version of EKKO by @5pider that Encrypts only Image Sections ☆110 · Updated last year
- ☆94 · Updated 11 months ago
- ☆100 · Updated this week
- Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality. ☆134 · Updated 2 years ago
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar ☆106 · Updated last month
- ☆99 · Updated this week
- ☆58 · Updated 3 months ago
- An improved memory obfuscation primitive using a combination of special and 'normal' Asynchronous Procedural Calls ☆99 · Updated this week
- ☆113 · Updated 11 months ago
- Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype… ☆106 · Updated 11 months ago
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader ☆75 · Updated 6 months ago
- Tool for playing with Windows Access Token manipulation. ☆50 · Updated last year
- Code snippets to add on top of Cobalt Strike sleep mask to achieve patchless hook on AMSI and ETW ☆76 · Updated last year
- I have documented all of the AMSI patches that I learned till now ☆66 · Updated last year
- ☆87 · Updated this week
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution ☆31 · Updated 2 months ago
- Do some DLL SideLoading magic ☆72 · Updated 11 months ago
- ☆132 · Updated last year
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (… ☆163 · Updated last year
- Section Mapping Process Injection (secinject): Cobalt Strike BOF ☆87 · Updated 2 years ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE. ☆32 · Updated 8 months ago
- ☆116 · Updated last year