reveng007 / AMSI-patches-learned-till-now
I have documented all of the AMSI patches that I learned till now
☆66Updated last year
Related projects: ⓘ
- Simple BOF to read the protection level of a process☆101Updated last year
- Tool for playing with Windows Access Token manipulation.☆50Updated last year
- ☆70Updated last year
- ☆61Updated 2 years ago
- ☆94Updated 11 months ago
- Lateral Movement via the .NET Profiler☆74Updated 3 months ago
- ☆116Updated last year
- ☆65Updated this week
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆76Updated last year
- a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…☆49Updated last year
- ☆67Updated this week
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique☆147Updated 10 months ago
- this repo is to cover the other undocumented or published / in different langaue to achieve shellcode injection via windows callback func…☆81Updated 2 years ago
- A simple BOF that frees UDRLs☆106Updated 2 years ago
- ☆132Updated last year
- ☆122Updated 9 months ago
- Find DLLs with RWX section☆74Updated last year
- Beacon Object File allowing creation of Beacons in different sessions.☆73Updated 2 years ago
- Modified versions of the Cobalt Strike Process Injection Kit☆85Updated 7 months ago
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post☆84Updated last year
- ☆99Updated this week
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆93Updated last year
- ☆105Updated last year
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".☆74Updated last year
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆110Updated last year
- ☆87Updated 2 years ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆32Updated 8 months ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆37Updated last year
- ☆37Updated last year
- Do some DLL SideLoading magic☆72Updated 11 months ago