takes shellcode bad-bytes and banishes them, returning cleaned shellcode with preserved functionalities
☆58Mar 1, 2026Updated last week
Alternatives and similar repositories for byvalver
Users that are interested in byvalver are comparing it to the libraries listed below
Sorting:
- A self-hosted, real-time collaborative workspace for offensive security assessments.☆41Feb 20, 2026Updated 2 weeks ago
- PIC shellcode (C/C++) development toolkit designed for malware developers.☆121Dec 23, 2025Updated 2 months ago
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel.☆37Aug 5, 2025Updated 7 months ago
- A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread☆30Sep 24, 2025Updated 5 months ago
- An example of how a driver can register a handle creation callback.☆16Jun 12, 2023Updated 2 years ago
- Chisel new generation, written in rust. SSH under WSS with some customization.☆128Jan 24, 2026Updated last month
- Phantom Keylogger is an advanced, stealth-enabled keystroke and visual intelligence gathering system.☆75Dec 10, 2025Updated 2 months ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆122Sep 8, 2024Updated last year
- A custom SentinelOne USB scanner.☆18Mar 26, 2022Updated 3 years ago
- Demo code JavaScript POC that tricks user into sending Windows hash to responder☆37Dec 12, 2025Updated 2 months ago
- A cross-platform C++ framework for building Windows shellcode☆161Updated this week
- Overview of MS Defender☆108Feb 20, 2026Updated 2 weeks ago
- PowerShell SharePoint extraction + auditing tool for red/blue/purple teams. Enumerates all SharePoint sites/drives a user can access via …☆114Jan 25, 2026Updated last month
- Try to transport the tcpip stack of ReactOS to Windows XP.☆17Feb 27, 2014Updated 12 years ago
- Windows kernel driver that detects hypervisors by probing SIDT/LIDT edge cases, paging/TLB behaviors, privilege transitions, and timing e…☆36Updated this week
- Convert Microsoft Defender Antivirus Signatures (VDM) into a SQL DB☆24Jun 27, 2025Updated 8 months ago
- This technique leverages PowerShell's .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit typ…☆52May 16, 2025Updated 9 months ago
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH☆140Aug 31, 2025Updated 6 months ago
- Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption☆204Dec 17, 2025Updated 2 months ago
- Low-level MS Windows registry files analysis tools☆19May 5, 2016Updated 9 years ago
- Finding Truth in the Shadows☆123Jan 26, 2023Updated 3 years ago
- Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of …☆18Apr 4, 2023Updated 2 years ago
- Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …☆49Nov 2, 2025Updated 4 months ago
- Crystal Palace library for proxying Nt API calls via the Threadpool☆101Oct 18, 2025Updated 4 months ago
- C++ macro for x64 programs that breaks ida hex-rays decompiler tool.☆140Apr 12, 2024Updated last year
- ☆54Mar 26, 2025Updated 11 months ago
- ☆27Mar 6, 2025Updated last year
- eBPF-powered silent observer for containerized runtimes, built for malware analysis sandboxes and Agentic AI monitoring.☆64Mar 2, 2026Updated last week
- GenZ Shellcode Generator to execute commands with winExec API☆22Apr 27, 2025Updated 10 months ago
- Callstack spoofing using a VEH because VEH all the things.☆23Mar 18, 2025Updated 11 months ago
- Usermode NT Explorer - Query kernel addresses, translate virtual to physical addresses, inspect the PFN database, and more.☆72Jan 27, 2026Updated last month
- Specialized tool to dump Position Independent Code.☆22Aug 4, 2020Updated 5 years ago
- x64 Registration-Free In-Process COM Automation Server.☆51Nov 28, 2022Updated 3 years ago
- Demonstrates consuming from a SecurityTrace ETW session by consuming from the Threat-Intelligence ETW provider without a driver or PPL pr…☆68Jan 19, 2026Updated last month
- A single header library for simply creating statically allocated state machines.☆27Feb 19, 2025Updated last year
- Guide on using the PPPwnGo GUI tool☆11Sep 26, 2024Updated last year
- kASLR bypass technique on Intel CPUs.☆32May 18, 2025Updated 9 months ago
- User-mode implementation of HTTP.SYS. Implements HTTP 1.1 of the "HTTP Server API 2.0" for web servers☆45Feb 17, 2025Updated last year
- Generate Proxy DLLs in Rust☆48Mar 2, 2026Updated last week