A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders implemented by C2 beacons) or other problematic executables that will be flagged by antimalware programs (such as mimikatz).
☆340 · Oct 7, 2024 · Updated last year
Alternatives and similar repositories for Voidmaw
Users that are interested in Voidmaw are comparing it to the libraries listed below
- Sleep obfuscation ☆268 · Dec 13, 2024 · Updated last year
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion) ☆195 · Feb 6, 2025 · Updated last year
- early cascade injection PoC based on Outflank's blog post ☆237 · Nov 7, 2024 · Updated last year
- BOF with Synthetic Stackframe ☆225 · Oct 30, 2025 · Updated 4 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution ☆195 · Nov 27, 2024 · Updated last year
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve… ☆592 · Jun 12, 2024 · Updated last year
- early cascade injection PoC based on Outflank's blog post, in rust ☆62 · Nov 8, 2024 · Updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆298 · Jul 31, 2024 · Updated last year
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui… ☆232 · Feb 12, 2025 · Updated last year
- "Service-less" driver loading ☆184 · Nov 28, 2024 · Updated last year
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub. ☆325 · Apr 12, 2024 · Updated last year
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions ☆266 · Apr 8, 2025 · Updated 10 months ago
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird … ☆776 · Jan 26, 2026 · Updated last month
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… ☆283 · Sep 18, 2024 · Updated last year
- Stage 0 ☆169 · Dec 18, 2024 · Updated last year
- COM ViewLogger — new malware keylogging technique ☆405 · Jan 6, 2025 · Updated last year
- Generic PE loader for fast prototyping evasion techniques ☆244 · Jul 2, 2024 · Updated last year
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely ☆381 · Dec 13, 2024 · Updated last year
- A Mythic Agent written in PIC C. ☆207 · Feb 4, 2025 · Updated last year
- A PowerShell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… ☆169 · May 30, 2024 · Updated last year
- Port of Cobalt Strike's Process Inject Kit ☆191 · Dec 1, 2024 · Updated last year
- Evasive shellcode loader ☆400 · Oct 17, 2024 · Updated last year
- A PoC for Early Cascade process injection technique. ☆211 · Jan 30, 2025 · Updated last year
- Cobaltstrike Reflective Loader with Synthetic Stackframe ☆186 · Jan 17, 2026 · Updated last month
- HookChain: A new perspective for Bypassing EDR Solutions ☆590 · Jan 5, 2025 · Updated last year
- Reaping treasures from strings in remote processes memory ☆285 · Feb 8, 2025 · Updated last year
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker. ☆128 · Oct 4, 2024 · Updated last year
- Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later! ☆539 · May 9, 2025 · Updated 9 months ago
- A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and … ☆334 · Mar 6, 2025 · Updated 11 months ago
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry ☆458 · Aug 2, 2024 · Updated last year
- Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advance… ☆571 · May 22, 2025 · Updated 9 months ago
- Nameless C2 - A C2 with all its components written in Rust ☆283 · Sep 26, 2024 · Updated last year
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC ☆423 · Sep 29, 2025 · Updated 5 months ago
- Red teaming tool to dump LSASS memory, bypassing basic countermeasures. ☆246 · Nov 2, 2025 · Updated 4 months ago
- ☆59 · Oct 24, 2024 · Updated last year
- ☆409 · Dec 8, 2024 · Updated last year
- A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Inte… ☆1,314 · Nov 12, 2025 · Updated 3 months ago
- use python on windows with full submodule support without installation ☆30 · Jan 23, 2025 · Updated last year
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆409 · Jan 11, 2026 · Updated last month