vxCrypt0r / Voidmaw
A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders implemented by C2 beacons) or other problematic executables that will be flagged by the antimalware programs (such as mimikatz).
☆298, updated 5 months ago
Alternatives and similar repositories for Voidmaw:
Users that are interested in Voidmaw are comparing it to the libraries listed below
- Nameless C2 - A C2 with all its components written in Rust (☆262, updated 5 months ago)
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. (☆277, updated 9 months ago)
- Collect Windows telemetry for Maldev (☆316, updated last month)
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes. (☆390, updated last year)
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks. (☆181, updated last year)
- Sleep obfuscation (☆210, updated 3 months ago)
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely (☆347, updated 3 months ago)
- Use hardware breakpoint to dynamically change SSN in run-time (☆245, updated 11 months ago)
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry (☆394, updated 7 months ago)
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. (☆335, updated last month)
- Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process (☆255, updated last year)
- Open Source C&C Specification (☆240, updated 3 weeks ago)
- Evasive shellcode loader (☆347, updated 5 months ago)
- .NET assembly loader with patchless AMSI and ETW bypass (☆319, updated last year)
- Slides & Code snippets for a workshop held @ x33fcon 2024 (☆255, updated 9 months ago)
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions (☆232, updated 3 months ago)
- Stealthily inject shellcode into an executable (☆155, updated 3 weeks ago)
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths (☆323, updated 7 months ago)
- Reduce Entropy And Obfuscate Your Payload With Serialized Linked Lists (☆421, updated last year)
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac… (☆208, updated 4 months ago)
- shellcode loader for your evasion needs (☆316, updated 4 months ago)
- Kill AV/EDR leveraging BYOVD attack (☆343, updated last year)
- comprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reducti… (☆195, updated 9 months ago)
- Some POCs for my BYOVD research and find some vulnerable drivers (☆182, updated 6 months ago)
- early cascade injection PoC based on Outflanks blog post (☆207, updated 4 months ago)
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… (☆157, updated 9 months ago)
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs. (☆308, updated last year)