vxCrypt0r / Voidmaw
A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders implemented by C2 beacons) or other problematic executables that will be flagged by antimalware programs (such as mimikatz).
☆301 · Updated 6 months ago
Alternatives and similar repositories for Voidmaw:
Users who are interested in Voidmaw are comparing it to the repositories listed below:
- ☆255 · Updated last year
- Abusing the Windows fork API and the OneDrive.exe process to inject malicious shellcode without allocating a new RWX memory region. ☆283 · Updated 10 months ago
- Nameless C2 - A C2 with all its components written in Rust. ☆266 · Updated 6 months ago
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes. ☆397 · Updated last year
- A proof of concept for abusing exception handlers to hook and bypass user-mode EDR hooks. ☆185 · Updated last year
- A proof of concept demonstrating DLL-load proxying using undocumented syscalls. ☆335 · Updated 2 months ago
- Open Source C&C Specification. ☆244 · Updated last month
- DCOM lateral movement PoC abusing the IMsiServer interface - uploads and executes a payload remotely. ☆357 · Updated 4 months ago
- Collect Windows telemetry for Maldev. ☆340 · Updated 2 months ago
- ☆352 · Updated 4 months ago
- A PowerShell console in C/C++ with all the security features disabled. ☆227 · Updated last month
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry. ☆401 · Updated 8 months ago
- A PowerShell AMSI bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… ☆160 · Updated 10 months ago
- Generating a legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass user-land EDR … ☆250 · Updated 8 months ago
- Windows rootkit designed to work with BYOVD exploits. ☆182 · Updated 3 months ago
- Sleep obfuscation. ☆216 · Updated 4 months ago
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve… ☆514 · Updated 10 months ago
- Use a hardware breakpoint to dynamically change the SSN at run time. ☆250 · Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (the first remote enumeration & Fiber injection capability PoC tool), Phan… ☆259 · Updated 7 months ago
- Slides & code snippets for a workshop held @ x33fcon 2024. ☆257 · Updated 10 months ago
- EDRSandblast-GodFault. ☆260 · Updated last year
- C++ self-injecting dropper based on various EDR evasion techniques. ☆370 · Updated last year
- Tools for analyzing EDR agents. ☆229 · Updated 10 months ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread. ☆113 · Updated last week
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with patchless AMSI and ETW bypass features, with dual-bui… ☆206 · Updated 2 months ago
- A PoC of the ContainYourself research presented at DEF CON 31, which abuses the Windows containers framework to bypass EDRs. ☆310 · Updated last year
- Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process. ☆257 · Updated last year
- Early cascade injection PoC based on Outflank's blog post. ☆214 · Updated 5 months ago
- A sophisticated, covert Windows-based credential dumper using C++ and MASM x64. ☆399 · Updated 9 months ago
- Shellcode loader for your evasion needs. ☆317 · Updated 5 months ago