vxCrypt0r / VoidmawLinks
A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders implemented by C2 beacons) or other problematic executables that will be flagged by the antimalware programs(such as mimikatz).
☆319Updated 9 months ago
Alternatives and similar repositories for Voidmaw
Users that are interested in Voidmaw are comparing it to the libraries listed below
Sorting:
- kernel callback removal (Bypassing EDR Detections)☆183Updated 4 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆350Updated 5 months ago
- Use hardware breakpoint to dynamically change SSN in run-time☆264Updated last year
- ☆260Updated last year
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.☆287Updated last year
- ☆401Updated 7 months ago
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆374Updated 7 months ago
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.☆398Updated last year
- Some POCs for my BYOVD research and find some vulnerable drivers☆293Updated 2 weeks ago
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆248Updated 3 months ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread☆227Updated 2 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆271Updated last year
- Sleep obfuscation☆229Updated 7 months ago
- Windows rootkit designed to work with BYOVD exploits☆204Updated 6 months ago
- Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process☆262Updated last year
- Implementing the ghostly hollowing PE injection technique using tampered syscalls.☆167Updated 4 months ago
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.☆193Updated last year
- Exploitation of process killer drivers☆201Updated last year
- Open Source C&C Specification☆262Updated 5 months ago
- Reflective DLL Injection Made Bella☆230Updated 6 months ago
- A user-mode code and its rootkit that will Kill EDR Processes permanently by leveraging the power of Process Creation Blocking Kernel Cal…☆203Updated last month
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…☆161Updated last year
- Nameless C2 - A C2 with all its components written in Rust☆269Updated 10 months ago
- Injecting DLL into LSASS at boot☆131Updated 3 months ago
- Stealthily inject shellcode into an executable☆236Updated last month
- .NET assembly loader with patchless AMSI and ETW bypass☆345Updated 2 years ago
- ROP-based sleep obfuscation to evade memory scanners☆359Updated last month
- early cascade injection PoC based on Outflanks blog post☆227Updated 8 months ago
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.☆265Updated 3 months ago
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆420Updated last year