☆138Aug 2, 2022Updated 3 years ago
Alternatives and similar repositories for RunAsWinTcb
Users that are interested in RunAsWinTcb are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆88Jul 31, 2022Updated 3 years ago
- Protected Process Dumper Tool☆584Aug 30, 2023Updated 2 years ago
- A simple PoC to invoke an encrypted shellcode by using an hidden call☆116Nov 19, 2022Updated 3 years ago
- A small PoC that creates processes in Windows☆187Jun 6, 2024Updated last year
- UAC bypass by abusing RPC and debug objects.☆628Oct 19, 2023Updated 2 years ago
- ☆119Aug 7, 2022Updated 3 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆375May 24, 2022Updated 3 years ago
- Beacon Object File Loader☆293Dec 3, 2023Updated 2 years ago
- How to spoof the command line when spawning a new process from C#.☆111Dec 28, 2021Updated 4 years ago
- In-memory token vault BOF for Cobalt Strike☆149Aug 18, 2022Updated 3 years ago
- BOF combination of KillDefender and Backstab☆167Mar 23, 2023Updated 3 years ago
- Killing your preferred antimalware by abusing native symbolic links and NT paths.☆359Jan 29, 2022Updated 4 years ago
- Dump the memory of a PPL with a userland exploit☆887Jul 24, 2022Updated 3 years ago
- ☆564Feb 22, 2024Updated 2 years ago
- ☆382Jan 19, 2023Updated 3 years ago
- TartarusGate, Bypassing EDRs☆657Jan 25, 2022Updated 4 years ago
- A PoC tool for exploiting leaked process and thread handles☆32Feb 13, 2024Updated 2 years ago
- ☆53Nov 11, 2021Updated 4 years ago
- collection of apis used in malware development☆229Aug 2, 2022Updated 3 years ago
- DLL Exports Extraction BOF with optional NTFS transactions.☆90Nov 5, 2021Updated 4 years ago
- Tool to bypass LSA Protection (aka Protected Process Light)☆989Dec 4, 2022Updated 3 years ago
- C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub.☆111Apr 14, 2023Updated 2 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft☆145May 18, 2024Updated last year
- My personal shellcode loader☆32Mar 9, 2023Updated 3 years ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆534Aug 1, 2022Updated 3 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆1,008Jun 4, 2024Updated last year
- ☆164Dec 30, 2022Updated 3 years ago
- A small NtCreateUserProcess PoC that spawns a Command prompt.☆102Aug 25, 2022Updated 3 years ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆65Mar 19, 2024Updated 2 years ago
- Files for http://blog.deniable.org/posts/windows-callbacks/☆83Feb 26, 2022Updated 4 years ago
- ☆1,793Aug 30, 2024Updated last year
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆218Feb 20, 2023Updated 3 years ago
- ☆132Oct 14, 2022Updated 3 years ago
- A Poc on blocking Procmon from monitoring network events☆111Aug 7, 2025Updated 7 months ago
- You shall pass☆270Jul 16, 2022Updated 3 years ago
- It's pointy and it hurts!☆126Oct 18, 2022Updated 3 years ago
- PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.☆620Sep 26, 2023Updated 2 years ago
- Out-of-the-Box Tool to Obfuscate Excel XLS. Include Obfuscation & Hide for Cell Labels & BoundSheets☆48Aug 4, 2021Updated 4 years ago
- LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript☆345Sep 1, 2021Updated 4 years ago