A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders implemented by C2 beacons) or other problematic executables that will be flagged by the antimalware programs(such as mimikatz).
☆348Oct 7, 2024Updated last year
Alternatives and similar repositories for Voidmaw
Users that are interested in Voidmaw are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Sleep obfuscation☆272Dec 13, 2024Updated last year
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆195Feb 6, 2025Updated last year
- early cascade injection PoC based on Outflanks blog post☆241Nov 7, 2024Updated last year
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆195Nov 27, 2024Updated last year
- early cascade injection PoC based on Outflanks blog post, in rust☆62Nov 8, 2024Updated last year
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- BOF with Synthetic Stackframe☆239Oct 30, 2025Updated 5 months ago
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…☆593Jun 12, 2024Updated last year
- "Service-less" driver loading☆184Nov 28, 2024Updated last year
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…☆234Feb 12, 2025Updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆301Jul 31, 2024Updated last year
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆790Jan 26, 2026Updated 2 months ago
- Reaping treasures from strings in remote processes memory☆285Feb 8, 2025Updated last year
- COM ViewLogger — new malware keylogging technique☆408Jan 6, 2025Updated last year
- Stage 0☆168Dec 18, 2024Updated last year
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆328Apr 12, 2024Updated last year
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions☆269Apr 8, 2025Updated last year
- Port of Cobalt Strike's Process Inject Kit☆193Dec 1, 2024Updated last year
- A Mythic Agent written in PIC C.☆203Feb 4, 2025Updated last year
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆383Dec 13, 2024Updated last year
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆191Jan 17, 2026Updated 2 months ago
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…☆170May 30, 2024Updated last year
- Generic PE loader for fast prototyping evasion techniques☆245Jul 2, 2024Updated last year
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Evasive shellcode loader☆400Oct 17, 2024Updated last year
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆133Oct 4, 2024Updated last year
- Shadow Dumper is a powerful tool used to dump LSASS memory, often needed in penetration testing and red teaming. It uses multiple advance…☆573May 22, 2025Updated 10 months ago
- A PoC for Early Cascade process injection technique.☆215Jan 30, 2025Updated last year
- Red teaming tool to dump LSASS memory, bypassing basic countermeasures.☆247Mar 9, 2026Updated last month
- A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …☆335Mar 6, 2025Updated last year
- .NET assembly loader with patchless AMSI and ETW bypass☆375Apr 19, 2023Updated 2 years ago
- A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Inte…☆1,347Nov 12, 2025Updated 5 months ago
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry☆462Aug 2, 2024Updated last year
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- ☆410Dec 8, 2024Updated last year
- Nameless C2 - A C2 with all its components written in Rust☆285Sep 26, 2024Updated last year
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC☆426Sep 29, 2025Updated 6 months ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths☆361Aug 11, 2024Updated last year
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.☆291May 27, 2024Updated last year
- ☆60Oct 24, 2024Updated last year
- HookChain: A new perspective for Bypassing EDR Solutions☆595Jan 5, 2025Updated last year