A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders implemented by C2 beacons) or other problematic executables that will be flagged by the antimalware programs(such as mimikatz).
☆347Oct 7, 2024Updated last year
Alternatives and similar repositories for Voidmaw
Users that are interested in Voidmaw are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Sleep obfuscation☆273Dec 13, 2024Updated last year
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆197Feb 6, 2025Updated last year
- early cascade injection PoC based on Outflanks blog post☆241Nov 7, 2024Updated last year
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆195Nov 27, 2024Updated last year
- early cascade injection PoC based on Outflanks blog post, in rust☆63Nov 8, 2024Updated last year
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- BOF with Synthetic Stackframe☆244Oct 30, 2025Updated 6 months ago
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…☆594Jun 12, 2024Updated last year
- "Service-less" driver loading☆185Nov 28, 2024Updated last year
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…☆236Feb 12, 2025Updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆304Jul 31, 2024Updated last year
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆792Jan 26, 2026Updated 3 months ago
- Reaping treasures from strings in remote processes memory☆286Feb 8, 2025Updated last year
- COM ViewLogger — new malware keylogging technique☆407Jan 6, 2025Updated last year
- Stage 0☆169Dec 18, 2024Updated last year
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆284Sep 18, 2024Updated last year
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆328Apr 12, 2024Updated 2 years ago
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆269Apr 8, 2025Updated last year
- Port of Cobalt Strike's Process Inject Kit☆193Dec 1, 2024Updated last year
- A Mythic Agent written in PIC C.☆204Feb 4, 2025Updated last year
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆384Dec 13, 2024Updated last year
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆191Jan 17, 2026Updated 3 months ago
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…☆170May 30, 2024Updated last year
- Generic PE loader for fast prototyping evasion techniques☆245Jul 2, 2024Updated last year
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Evasive shellcode loader☆401Oct 17, 2024Updated last year
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆133Oct 4, 2024Updated last year
- Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advance…☆576May 22, 2025Updated 11 months ago
- A PoC for Early Cascade process injection technique.☆216Jan 30, 2025Updated last year
- Red teaming tool to dump LSASS memory, bypassing basic countermeasures.☆247Mar 9, 2026Updated last month
- A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …☆335Mar 6, 2025Updated last year
- .NET assembly loader with patchless AMSI and ETW bypass☆379Apr 19, 2023Updated 3 years ago
- A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Inte…☆1,367Nov 12, 2025Updated 5 months ago
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆467Aug 2, 2024Updated last year
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- ☆413Dec 8, 2024Updated last year
- Nameless C2 - A C2 with all its components written in Rust☆285Sep 26, 2024Updated last year
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC☆430Sep 29, 2025Updated 7 months ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths☆360Aug 11, 2024Updated last year
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.☆292May 27, 2024Updated last year
- ☆61Oct 24, 2024Updated last year
- HookChain: A new perspective for Bypassing EDR Solutions☆600Jan 5, 2025Updated last year