vxCrypt0r / Voidmaw
A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders implemented by C2 beacons) or other problematic executables that will be flagged by antimalware programs (such as mimikatz).
☆333 · Updated last year
Alternatives and similar repositories for Voidmaw
Users that are interested in Voidmaw are comparing it to the libraries listed below
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. ☆288 · Updated last year
- Use hardware breakpoint to dynamically change SSN in run-time ☆270 · Updated last year
- (no description) ☆407 · Updated 11 months ago
- kernel callback removal (Bypassing EDR Detections) ☆203 · Updated 2 weeks ago
- (no description) ☆259 · Updated last year
- Nameless C2 - A C2 with all its components written in Rust ☆278 · Updated last year
- Sleep obfuscation ☆251 · Updated 11 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆362 · Updated 9 months ago
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions ☆262 · Updated 7 months ago
- This is the loader that supports running a program with Protected Process Light (PPL) protection functionality. ☆278 · Updated last month
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks. ☆200 · Updated last year
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely ☆379 · Updated 11 months ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread ☆252 · Updated 3 months ago
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader. ☆279 · Updated 7 months ago
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes. ☆405 · Updated 2 years ago
- early cascade injection PoC based on Outflanks blog post ☆232 · Updated last year
- Reflective DLL Injection Made Bella ☆244 · Updated 10 months ago
- Slides & Code snippets for a workshop held @ x33fcon 2024 ☆272 · Updated last year
- Windows rootkit designed to work with BYOVD exploits ☆211 · Updated 10 months ago
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry ☆440 · Updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆288 · Updated last year
- Evasive shellcode loader ☆398 · Updated last year
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub. ☆322 · Updated last year
- Collect Windows telemetry for Maldev ☆437 · Updated last month
- A user-mode code and its rootkit that will Kill EDR Processes permanently by leveraging the power of Process Creation Blocking Kernel Cal… ☆246 · Updated 5 months ago
- Injecting DLL into LSASS at boot ☆145 · Updated 7 months ago
- Open Source C&C Specification ☆272 · Updated 9 months ago
- .NET assembly loader with patchless AMSI and ETW bypass ☆358 · Updated 2 years ago
- Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows … ☆252 · Updated 2 months ago
- Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process ☆281 · Updated last year