unkvolism / Fuck-Etw
Bypass Event Tracing for Windows (ETW) and unhook ntdll.
(☆92, updated last year)
Related projects
Alternatives and complementary repositories for Fuck-Etw
- A variation of ProcessOverwriting to execute shellcode on an executable's section (☆145, updated 10 months ago)
- NidhoggScript is a tool to generate a "script" file that allows execution of multiple commands for Nidhogg (☆47, updated 8 months ago)
- Encodes a payload within a generated mock-CSS file (☆55, updated last year)
- This project is an implant framework designed for long-term persistent access to Windows machines. (☆110, updated last year)
- A repository with my code snippets for research/education purposes. (☆50, updated last year)
- This is a way to load a shellcode and obfuscate it so it avoids scantime detection. (☆51, updated 4 months ago)
- This script adds the ability to encode shellcode (.bin) with XOR, ChaCha20 or AES. You can choose between 2 loaders (Myph / 221b). (☆77, updated 10 months ago)
- Red Team Operation's Defense Evasion Technique. (☆51, updated 5 months ago)
- Just another C2 Redirector using CloudFlare. (☆78, updated 5 months ago)
- Construct the payload at runtime using an array of offsets (☆58, updated 4 months ago)
- A variety of tools, scripts and techniques developed and shared in different programming languages by 0xsp Lab (☆53, updated 6 months ago)
- Do some DLL SideLoading magic (☆74, updated last year)
- Indirect Syscall implementation to bypass userland NTAPI hooking. (☆54, updated 2 months ago)
- 「💀」Proof of concept on BYOVD attack (☆147, updated 8 months ago)
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity) (☆45, updated 6 months ago)
- (no description) (☆24, updated last year)
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption. (☆81, updated 4 months ago)
- .bin file to shellcode converter (☆28, updated 4 months ago)
- DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism. (☆90, updated last year)
- C# Havoc implant (☆96, updated last year)
- ShadowForge Command & Control - Harnessing the power of Zoom's API, control a compromised Windows machine from your Zoom chats. (☆43, updated last year)
- The program uses the Windows API functions to traverse directories and locate DLL files with RWX sections (☆94, updated last year)
- Improved version of EKKO by @5pider that encrypts only image sections (☆113, updated last year)
- Automated .NET AppDomain hijack payload generation (☆114, updated 3 months ago)
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker. (☆107, updated last month)
- Duplicate a token not owned by the caller from a running process (☆72, updated last year)
- APT-Attack-Simulation simulates APT 29 and Lockbit TTPs, showcasing phishing, ISO execution, and DLL proxying for persistence and privile… (☆43, updated 6 months ago)