tbhaxor / WinAPI-RedBlue
Source code of exploiting windows API for red teaming series
☆148 · Updated 2 years ago
Alternatives and similar repositories for WinAPI-RedBlue:
Users that are interested in WinAPI-RedBlue are comparing it to the libraries listed below
- WTSRM ☆209 · Updated 2 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC ☆364 · Updated 2 years ago
- Beacon Object File Loader ☆286 · Updated last year
- Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs ☆295 · Updated 2 years ago
- miscellaneous scripts and programs ☆239 · Updated 2 months ago
- EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and e… ☆279 · Updated 2 years ago
- Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows ☆207 · Updated 2 years ago
- A new AMSI Bypass technique using .NET ALI Call Hooking. ☆190 · Updated 2 years ago
- BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a… ☆376 · Updated last year
- Dump the memory of any PPL with a Userland exploit chain ☆332 · Updated 2 years ago
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re… ☆446 · Updated last year
- This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and down… ☆246 · Updated last year
- A PoC implementation for dynamically masking call stacks with timers. ☆271 · Updated 2 years ago
- x64 Assembly HalosGate direct System Caller to evade EDR UserLand hooks ☆205 · Updated 2 years ago
- TartarusGate, Bypassing EDRs ☆579 · Updated 3 years ago
- POC for frustrating/defeating Malware Analysts ☆154 · Updated 2 years ago
- UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red … ☆346 · Updated 2 years ago
- Patch AMSI and ETW ☆236 · Updated 11 months ago
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret … ☆246 · Updated last year
- Experiment on reproducing Obfuscate & Sleep ☆143 · Updated 4 years ago
- Tools and PoCs for Windows syscall investigation. ☆358 · Updated 3 months ago
- Evasive Process Hollowing Techniques ☆138 · Updated 4 years ago
- GhostWriting Injection Technique. ☆170 · Updated 7 years ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆335 · Updated 2 months ago
- EDRSandblast-GodFault ☆259 · Updated last year
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless) ☆187 · Updated last year
- ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti… ☆300 · Updated last year
- Exploitation of process killer drivers ☆199 · Updated last year