vxCrypt0r / Voidmaw
A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders implemented by C2 beacons) or other problematic executables that will be flagged by antimalware programs (such as mimikatz).
☆298 · Updated 5 months ago
Alternatives and similar repositories for Voidmaw:
Users that are interested in Voidmaw are comparing it to the libraries listed below.
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. ☆277 · Updated 9 months ago
- Collect Windows telemetry for Maldev ☆303 · Updated last month
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes. ☆389 · Updated last year
- Nameless C2 - A C2 with all its components written in Rust ☆261 · Updated 5 months ago
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry ☆390 · Updated 7 months ago
- Use hardware breakpoint to dynamically change SSN in run-time ☆245 · Updated 11 months ago
- Sleep obfuscation ☆209 · Updated 2 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆239 · Updated 7 months ago
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely ☆345 · Updated 2 months ago
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks. ☆180 · Updated last year
- Open Source C&C Specification ☆239 · Updated last week
- Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process ☆253 · Updated last year
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub. ☆302 · Updated 11 months ago
- Evasive shellcode loader ☆346 · Updated 4 months ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths ☆322 · Updated 7 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution ☆182 · Updated 3 months ago
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac… ☆205 · Updated 4 months ago
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve… ☆510 · Updated 9 months ago
- Windows rootkit designed to work with BYOVD exploits ☆168 · Updated last month
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆335 · Updated last month
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions ☆231 · Updated 3 months ago
- Reduce Entropy And Obfuscate Your Payload With Serialized Linked Lists ☆419 · Updated last year
- C++ self-injecting dropper based on various EDR evasion techniques. ☆366 · Updated last year
- Just a simple silly PoC demonstrating executable "exe" file that can be used like exe, dll or shellcode... ☆155 · Updated 6 months ago
- ROP-based sleep obfuscation to evade memory scanners ☆332 · Updated last month
- Early cascade injection PoC based on Outflank's blog post ☆207 · Updated 4 months ago