tastypepperoni / RunAsWinTcb
☆134Updated 2 years ago
Related projects: ⓘ
- Experiment on reproducing Obfuscate & Sleep☆136Updated 3 years ago
- ☆206Updated last year
- It's pointy and it hurts!☆120Updated last year
- Load a dynamic library from memory by modifying the native Windows loader☆198Updated 11 months ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆120Updated last year
- A PoC implementation for dynamically masking call stacks with timers.☆244Updated last year
- Building and Executing Position Independent Shellcode from Object Files in Memory☆154Updated 3 years ago
- Exploitation of echo_driver.sys☆165Updated last year
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)☆171Updated last year
- Exploitation of process killer drivers☆182Updated 11 months ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆126Updated 2 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆177Updated 3 months ago
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆163Updated last year
- WTSRM☆198Updated 2 years ago
- ☆161Updated 2 years ago
- Files for http://blog.deniable.org/posts/windows-callbacks/☆67Updated 2 years ago
- ☆123Updated 2 years ago
- Block any Process to open HANDLE to your process , only SYTEM is allowed to open handle to your process ,with that you can avoid remote m…☆162Updated last year
- The code is a pingback to the Dark Vortex blog:☆162Updated last year
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …☆227Updated last year
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!☆214Updated 2 months ago
- ☆152Updated last year
- Deleting Shadow Copies In Pure C++☆111Updated last year
- ☆221Updated this week
- ☆99Updated this week
- ☆97Updated last year
- miscellaneous scripts and programs☆211Updated last year
- Achieve execution using a custom keyboard layout☆160Updated last year
- Small PoC of using a Microsoft signed executable as a lolbin.☆131Updated last year
- Load and execute COFF files and Cobalt Strike BOFs in-memory☆189Updated 2 years ago