A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders implemented by C2 beacons) or other problematic executables that will be flagged by the antimalware programs(such as mimikatz).
☆343Oct 7, 2024Updated last year
Alternatives and similar repositories for Voidmaw
Users that are interested in Voidmaw are comparing it to the libraries listed below
Sorting:
- Sleep obfuscation☆271Dec 13, 2024Updated last year
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆195Feb 6, 2025Updated last year
- early cascade injection PoC based on Outflanks blog post☆239Nov 7, 2024Updated last year
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆195Nov 27, 2024Updated last year
- early cascade injection PoC based on Outflanks blog post, in rust☆62Nov 8, 2024Updated last year
- BOF with Synthetic Stackframe☆233Oct 30, 2025Updated 4 months ago
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…☆592Jun 12, 2024Updated last year
- "Service-less" driver loading☆184Nov 28, 2024Updated last year
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…☆234Feb 12, 2025Updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆301Jul 31, 2024Updated last year
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆787Jan 26, 2026Updated last month
- Reaping treasures from strings in remote processes memory☆285Feb 8, 2025Updated last year
- COM ViewLogger — new malware keylogging technique☆408Jan 6, 2025Updated last year
- Stage 0☆169Dec 18, 2024Updated last year
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆268Apr 8, 2025Updated 11 months ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆326Apr 12, 2024Updated last year
- Port of Cobalt Strike's Process Inject Kit☆192Dec 1, 2024Updated last year
- A Mythic Agent written in PIC C.☆206Feb 4, 2025Updated last year
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆384Dec 13, 2024Updated last year
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆189Jan 17, 2026Updated 2 months ago
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…☆169May 30, 2024Updated last year
- Generic PE loader for fast prototyping evasion techniques☆245Jul 2, 2024Updated last year
- Evasive shellcode loader☆400Oct 17, 2024Updated last year
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆133Oct 4, 2024Updated last year
- Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advance…☆571May 22, 2025Updated 10 months ago
- A PoC for Early Cascade process injection technique.☆214Jan 30, 2025Updated last year
- Red teaming tool to dump LSASS memory, bypassing basic countermeasures.☆246Mar 9, 2026Updated 2 weeks ago
- A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …☆335Mar 6, 2025Updated last year
- A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Inte…☆1,330Nov 12, 2025Updated 4 months ago
- .NET assembly loader with patchless AMSI and ETW bypass☆374Apr 19, 2023Updated 2 years ago
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆460Aug 2, 2024Updated last year
- ☆410Dec 8, 2024Updated last year
- Nameless C2 - A C2 with all its components written in Rust☆284Sep 26, 2024Updated last year
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC☆424Sep 29, 2025Updated 5 months ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths☆361Aug 11, 2024Updated last year
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.☆290May 27, 2024Updated last year
- ☆59Oct 24, 2024Updated last year
- HookChain: A new perspective for Bypassing EDR Solutions☆594Jan 5, 2025Updated last year