vxCrypt0r / Voidmaw
A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders implemented by C2 beacons) or other problematic executables that will be flagged by anti-malware programs (such as mimikatz).
☆95, updated last month
Related projects
Alternatives and complementary repositories for Voidmaw
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution (☆136, updated 2 weeks ago)
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker. (☆107, updated last month)
- PoC for using MS Windows printers for persistence / command and control via Internet Printing (☆143, updated 6 months ago)
- Rust port of LayeredSyscall, designed to perform indirect syscalls while generating legitimate API call stack frames by abusing Vectored … (☆91, updated last week)
- Construct the payload at runtime using an array of offsets (☆58, updated 4 months ago)
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar (☆118, updated 3 months ago)
- Early cascade injection PoC based on Outflank's blog post (☆132, updated this week)
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone… (☆155, updated 3 weeks ago)
- GregsBestFriend process injection code created from the White Knight Labs Offensive Development course (☆171, updated last year)
- 「💀」Proof of concept on BYOVD attack (☆148, updated 8 months ago)
- Recursive Loader (☆102, updated last month)
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service" (☆113, updated 4 months ago)
- A PowerShell AMSI bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… (☆148, updated 5 months ago)
- Leverage the WindowsApp createdump tool to obtain an lsass dump (☆142, updated last month)
- A set of programs for analyzing common vulnerabilities in COM (☆152, updated 2 months ago)
- Two new offensive techniques using Windows Fibers: PoisonFiber (the first remote enumeration & Fiber injection capability POC tool), Phan… (☆205, updated last month)
- Blocks EDR telemetry by performing a Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination… (☆138, updated 3 months ago)
- Two in one: patch lifetime PowerShell console, no more ETW and AMSI! (☆80, updated 4 months ago)
- IronSharpPack is a repo of popular C# projects that have been embedded into IronPython scripts that execute an AMSI bypass and then refle… (☆104, updated 6 months ago)
- Indirect syscall implementation to bypass userland NTAPI hooking. (☆54, updated 2 months ago)
- NidhoggScript is a tool to generate a "script" file that allows execution of multiple commands for Nidhogg (☆47, updated 8 months ago)
- Windows Kernel Offensive Toolset (☆113, updated 2 months ago)
- Implementing the ghostly hollowing PE injection technique using tampered syscalls. (☆122, updated 5 months ago)