reveng007 / AMSI-patches-learned-till-now

Related projects: ⓘ

• rasta-mouse / PPEnum
  Simple BOF to read the protection level of a process
  ☆101Updated last year
• eversinc33 / Godmode
  Tool for playing with Windows Access Token manipulation.
  ☆50Updated last year
• xalicex / LOLDrivers_finder
  ☆70Updated last year
• waawaa / AMSI_Rubeus_bypass
  ☆61Updated 2 years ago
• lap1nou / CLR_Heap_encryption
  ☆94Updated 11 months ago
• MayerDaniel / profiler-lateral-movement
  Lateral Movement via the .NET Profiler
  ☆74Updated 3 months ago
• xforcered / BOFMask
  ☆116Updated last year
• securityandstuff / DynamicFinder
  ☆65Updated this week
• ScriptIdiot / sleepmask_PatchlessHook
  Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW
  ☆76Updated last year
• tccontre / Reg-Restore-Persistence-Mole
  a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…
  ☆49Updated last year
• enkomio / s4killer
  ☆67Updated this week
• ewby / Mockingjay_BOF
  Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
  ☆147Updated 10 months ago
• 0xsp-SRD / callback_injection-Csharp
  this repo is to cover the other undocumented or published / in different langaue to achieve shellcode injection via windows callback func…
  ☆81Updated 2 years ago
• S4ntiagoP / freeBokuLoader
  A simple BOF that frees UDRLs
  ☆106Updated 2 years ago
• trustedsec / PPLFaultDumpBOF
  ☆132Updated last year
• trustedsec / CS_COFFLoader
  ☆122Updated 9 months ago
• oldboy21 / JayFinder
  Find DLLs with RWX section
  ☆74Updated last year
• Octoberfest7 / JumpSession_BOF
  Beacon Object File allowing creation of Beacons in different sessions.
  ☆73Updated 2 years ago
• REDMED-X / InjectKit
  Modified versions of the Cobalt Strike Process Injection Kit
  ☆85Updated 7 months ago
• ChoiSG / OneDriveUpdaterSideloading
  Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post
  ☆84Updated last year
• Cracked5pider / LsaParser
  ☆99Updated this week
• Mav3rick33 / ZenLdr
  Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature
  ☆93Updated last year
• passthehashbrowns / BOFMask
  ☆105Updated last year
• maliciousgroup / RDI-SRDI
  This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".
  ☆74Updated last year
• SaadAhla / D1rkSleep
  Improved version of EKKO by @5pider that Encrypts only Image Sections
  ☆110Updated last year
• Wh04m1001 / DiagTrackEoP
  ☆87Updated 2 years ago
• caueb / ThreadlessStompingKann
  Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.
  ☆32Updated 8 months ago
• inb1ts / birdnet-poc
  Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
  ☆37Updated last year
• shantanu561993 / DLL-Sideload
  ☆37Updated last year
• MaorSabag / SideLoadingDLL
  Do some DLL SideLoading magic
  ☆72Updated 11 months ago