a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Callback of sysmon driver filter. RegSaveKeyExW() and RegRestoreKeyW() API which is not included in monitoring. This POC will use
☆65Aug 23, 2023Updated 2 years ago
Alternatives and similar repositories for Reg-Restore-Persistence-Mole
Users that are interested in Reg-Restore-Persistence-Mole are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.☆25Jul 5, 2023Updated 2 years ago
- A PoC for achieving persistence via push notifications on Windows☆48Jun 9, 2023Updated 2 years ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆66Mar 19, 2024Updated 2 years ago
- A simple rpc2socks alternative in pure Go.☆31Jul 8, 2024Updated last year
- BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR☆21Feb 8, 2024Updated 2 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Click Once + App Domain☆67Feb 23, 2026Updated last month
- ☆31Jul 26, 2024Updated last year
- ☆75Feb 4, 2024Updated 2 years ago
- Terminate AV/EDR leveraging BYOVD attack☆102Mar 21, 2025Updated last year
- EDRSandblast-GodFault☆271Aug 28, 2023Updated 2 years ago
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2☆295Jul 15, 2023Updated 2 years ago
- A C# tool to output crackable DPAPI hashes from user MasterKeys☆140Sep 14, 2024Updated last year
- This program is used to perform reflective DLL Injection to a remote process specified by the user.☆64Jul 11, 2023Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- GhostLoader - AppDomainManager - Injection - 攻壳机动队☆53May 21, 2020Updated 5 years ago
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique☆158Nov 7, 2023Updated 2 years ago
- Lockless BOF☆79May 2, 2025Updated 11 months ago
- ☆83Nov 1, 2023Updated 2 years ago
- This lightweight C# demo application showcases interactive remote shell access via named pipes and the SMB protocol.☆121Feb 21, 2025Updated last year
- RunPE implementation with multiple evasive techniques (1)☆384Sep 22, 2023Updated 2 years ago
- Shellcode Loader with Indirect Dynamic syscall Implementation , shellcode in MAC format, API resolving from PEB, Syscall calll and syscal…☆323Aug 2, 2023Updated 2 years ago
- A collection of (even more) alternative shellcode callback methods in CSharp☆81Oct 26, 2024Updated last year
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- RDPCredentialStealer it's an implant that steal credentials provided by users in RDP using API Hooking with Detours in C++☆267Mar 11, 2026Updated last month
- Evasive Golang Loader☆137Jul 27, 2024Updated last year
- This POC provides the possibilty to execute x86 shellcode in form of a .bin file based on x86 inline assembly☆20Apr 17, 2023Updated 3 years ago
- A python port of CCob's ThreadlessInject☆25Mar 18, 2023Updated 3 years ago
- Automated (kinda) deployment of MalRDP infrastructure with Terraform & Ansible☆12Sep 15, 2023Updated 2 years ago
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak☆211Nov 12, 2025Updated 5 months ago
- Another approach of Threadless injection discovered by @_EthicalChaos_ in c that loads a module into the target process and stomps it, an…☆186Aug 2, 2023Updated 2 years ago
- ☆18Feb 29, 2024Updated 2 years ago
- In-memory sleep encryption and heap encryption for Go applications through a shellcode function.☆40Jan 14, 2024Updated 2 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- A cross-platform tool to parse and describe the contents of a raw ntSecurityDescriptor structure☆48Oct 4, 2025Updated 6 months ago
- A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.☆90Nov 9, 2023Updated 2 years ago
- Exploitation of echo_driver.sys☆170Sep 16, 2023Updated 2 years ago
- Linux Sleep Obfuscation☆115Jan 7, 2024Updated 2 years ago
- Safe Harbor is a BOF that streamlines process reconnaissance for red team operations by identifying trusted, low-noise targets to maintai…☆80Oct 27, 2025Updated 5 months ago
- A dynamic unpacking tool☆152Sep 17, 2023Updated 2 years ago
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading☆84Nov 21, 2022Updated 3 years ago