vxCrypt0r / Voidmaw
A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders implemented by C2 beacons) or other problematic executables that will be flagged by antimalware programs (such as mimikatz).
☆291 · Updated 4 months ago
Alternatives and similar repositories for Voidmaw:
Users that are interested in Voidmaw are comparing it to the libraries listed below
- Open Source C&C Specification ☆232 · Updated this week
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry ☆379 · Updated 6 months ago
- Evasive shellcode loader ☆337 · Updated 3 months ago
- Various resources to enhance Cobalt Strike's functionality and its ability to evade antivirus/EDR detection ☆274 · Updated 8 months ago
- Slides & Code snippets for a workshop held @ x33fcon 2024 ☆250 · Updated 8 months ago
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. ☆269 · Updated 8 months ago
- ☆249 · Updated last year
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes. ☆390 · Updated last year
- Use hardware breakpoint to dynamically change SSN in run-time ☆246 · Updated 10 months ago
- Sleep obfuscation ☆208 · Updated 2 months ago
- Bypass Credential Guard by patching WDigest.dll using only NTAPI functions ☆216 · Updated 2 months ago
- Collect Windows telemetry for Maldev ☆294 · Updated last week
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely ☆342 · Updated 2 months ago
- A tool employs direct registry manipulation to create scheduled tasks without triggering the usual event logs. ☆516 · Updated last month
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks. ☆180 · Updated last year
- Nameless C2 - A C2 with all its components written in Rust ☆259 · Updated 4 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆333 · Updated this week
- ☆343 · Updated 2 months ago
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution ☆172 · Updated 2 months ago
- A PoC of the ContainYourself research presented in DEFCON 31, which abuses the Windows containers framework to bypass EDRs. ☆307 · Updated last year
- Extracting NetNTLM without touching lsass.exe ☆233 · Updated last year
- shellcode loader for your evasion needs ☆311 · Updated 3 months ago
- Port of Cobalt Strike's Process Inject Kit ☆165 · Updated 2 months ago
- Proof of Concept (PoC) .NET tool for remotely killing EDR with WDAC ☆331 · Updated last month
- Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST ☆176 · Updated 4 months ago
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve… ☆509 · Updated 8 months ago
- Extract and execute a PE embedded within a PNG file using an LNK file. ☆355 · Updated 3 months ago
- Simulate the behavior of AV/EDR for malware development training. ☆460 · Updated last year
- .NET assembly loader with patchless AMSI and ETW bypass ☆313 · Updated last year
- Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver ☆256 · Updated last week