vxCrypt0r / Voidmaw
A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders implemented by C2 beacons) or other problematic executables that will be flagged by antimalware programs (such as mimikatz).
☆307, updated 7 months ago
Alternatives and similar repositories for Voidmaw
Users that are interested in Voidmaw are comparing it to the libraries listed below
- Abusing the Windows fork API and the OneDrive.exe process to inject malicious shellcode without allocating a new RWX memory region. (☆284, updated 11 months ago)
- A proof of concept demonstrating DLL-load proxying using undocumented syscalls. (☆338, updated 3 months ago)
- Use a hardware breakpoint to dynamically change the SSN at run time. (☆253, updated last year)
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes. (☆397, updated last year)
- Open Source C&C Specification. (☆247, updated 2 months ago)
- Some POCs for my BYOVD research, and finding some vulnerable drivers. (☆206, updated last month)
- DCOM lateral movement POC abusing the IMsiServer interface: uploads and executes a payload remotely. (☆361, updated 4 months ago)
- Nameless C2: a C2 with all its components written in Rust. (☆266, updated 7 months ago)
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac… (☆220, updated 6 months ago)
- Generating legitimate call stack frames along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … (☆253, updated 9 months ago)
- Windows rootkit designed to work with BYOVD exploits. (☆198, updated 3 months ago)
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry. (☆407, updated 9 months ago)
- Kernel callback removal (bypassing EDR detections). (☆162, updated last month)
- Collect Windows telemetry for Maldev. (☆344, updated 3 months ago)
- A proof of concept for abusing exception handlers to hook and bypass user-mode EDR hooks. (☆185, updated last year)
- Evasive shellcode loader. (☆361, updated 6 months ago)
- Sleep obfuscation. (☆222, updated 4 months ago)
- A PoC of the ContainYourself research presented at DEF CON 31, which abuses the Windows containers framework to bypass EDRs. (☆311, updated last year)
- A PowerShell console in C/C++ with all the security features disabled. (☆229, updated last week)
- Hijacking valid driver services to load arbitrary (signed) drivers by abusing native symbolic links and NT paths. (☆333, updated 9 months ago)
- Two new offensive techniques using Windows Fibers: PoisonFiber (the first remote enumeration & Fiber injection capability POC tool), Phan… (☆261, updated 7 months ago)
- Shellcode loader for your evasion needs. (☆323, updated last week)
- .NET assembly loader with patchless AMSI and ETW bypass. (☆330, updated 2 years ago)
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions. (☆237, updated last month)
- ROP-based sleep obfuscation to evade memory scanners. (☆350, updated 3 months ago)
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub. (☆310, updated last year)
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution. (☆187, updated 5 months ago)