susMdT / effective-waffleView external linksLinks
yet another sleep encryption thing. also used the default github repo name for this one.
☆69May 11, 2023Updated 2 years ago
Alternatives and similar repositories for effective-waffle
Users that are interested in effective-waffle are comparing it to the libraries listed below
Sorting:
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆63Mar 19, 2024Updated last year
- idk man this was the default github name☆35Apr 23, 2023Updated 2 years ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆101Feb 28, 2023Updated 2 years ago
- Halos Gate-based NTAPI Unhooker☆52Apr 21, 2022Updated 3 years ago
- miscellaneous codes☆36Sep 24, 2023Updated 2 years ago
- Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)☆259Jun 29, 2024Updated last year
- ☆151Oct 2, 2023Updated 2 years ago
- ☆84Nov 1, 2023Updated 2 years ago
- Set the process mitigation policy for loading only Microsoft Modules , and block any userland 3rd party modules☆43May 6, 2023Updated 2 years ago
- My implementation of Halo's Gate technique in C#☆54Apr 20, 2022Updated 3 years ago
- EvtPsst☆55Oct 24, 2023Updated 2 years ago
- ☆126Jun 28, 2023Updated 2 years ago
- Work, timer, and wait callback example using solely Native Windows APIs.☆88Feb 11, 2024Updated 2 years ago
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak☆209Nov 12, 2025Updated 3 months ago
- Splitting and executing shellcode across multiple pages☆103Jun 8, 2023Updated 2 years ago
- This project is an implant framework designed for long term persistent access to Windows machines.☆108Sep 22, 2023Updated 2 years ago
- (First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls…☆136Mar 3, 2025Updated 11 months ago
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆86Mar 19, 2023Updated 2 years ago
- ☆319Jun 28, 2023Updated 2 years ago
- Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype…☆128Sep 27, 2023Updated 2 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115May 21, 2023Updated 2 years ago
- ☆122Oct 9, 2023Updated 2 years ago
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms☆134Dec 20, 2022Updated 3 years ago
- In-memory token vault BOF for Cobalt Strike☆149Aug 18, 2022Updated 3 years ago
- ☆137Jun 21, 2023Updated 2 years ago
- Python module for running BOFs☆79Nov 28, 2025Updated 2 months ago
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading☆84Nov 21, 2022Updated 3 years ago
- Patching AmsiOpenSession by forcing an error branching☆155Aug 2, 2023Updated 2 years ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆66May 2, 2023Updated 2 years ago
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process☆113Aug 29, 2022Updated 3 years ago
- ☆563Feb 22, 2024Updated last year
- indirect syscalls for AV/EDR evasion in Go assembly☆365Jun 13, 2023Updated 2 years ago
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.☆243Sep 26, 2023Updated 2 years ago
- Simple BOF to read the protection level of a process☆118May 10, 2023Updated 2 years ago
- Using fibers to run in-memory code.☆240Oct 19, 2023Updated 2 years ago
- Modules used by the Havoc Framework☆264Jun 17, 2024Updated last year
- Load and execute COFF files and Cobalt Strike BOFs in-memory☆226Sep 13, 2022Updated 3 years ago
- ☆39May 20, 2023Updated 2 years ago
- CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking☆285Jun 8, 2023Updated 2 years ago