vxCrypt0r / Voidmaw
A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders implemented by C2 beacons) or other problematic executables that will be flagged by the antimalware programs (such as mimikatz).
☆331 · Updated last year
Alternatives and similar repositories for Voidmaw
Users that are interested in Voidmaw are comparing it to the libraries listed below
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆359 · Updated 9 months ago
- kernel callback removal (Bypassing EDR Detections) ☆198 · Updated 7 months ago
- Use hardware breakpoint to dynamically change SSN in run-time ☆270 · Updated last year
- Sleep obfuscation ☆248 · Updated 11 months ago
- Nameless C2 - A C2 with all its components written in Rust ☆278 · Updated last year
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. ☆287 · Updated last year
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks. ☆198 · Updated last year
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely ☆378 · Updated 11 months ago
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions ☆260 · Updated 7 months ago
- early cascade injection PoC based on Outflank's blog post ☆232 · Updated last year
- Injecting DLL into LSASS at boot ☆145 · Updated 6 months ago
- Windows rootkit designed to work with BYOVD exploits ☆211 · Updated 9 months ago
- Slides & Code snippets for a workshop held @ x33fcon 2024 ☆272 · Updated last year
- This is the loader that supports running a program with Protected Process Light (PPL) protection functionality. ☆269 · Updated 2 weeks ago
- Reflective DLL Injection Made Bella ☆243 · Updated 10 months ago
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes. ☆404 · Updated 2 years ago
- Open Source C&C Specification ☆273 · Updated 8 months ago
- This repository implements Threadless Injection in C ☆171 · Updated last year
- C++ self-Injecting dropper based on various EDR evasion techniques. ☆414 · Updated last year
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader. ☆279 · Updated 7 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆287 · Updated last year
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui… ☆227 · Updated 9 months ago
- EDRSandblast-GodFault ☆268 · Updated 2 years ago
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… ☆165 · Updated last year
- .NET assembly loader with patchless AMSI and ETW bypass ☆356 · Updated 2 years ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread ☆246 · Updated 2 months ago
- Ghosting-AMSI ☆220 · Updated 6 months ago
- Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process ☆279 · Updated last year