☆72Aug 2, 2022Updated 3 years ago
Alternatives and similar repositories for AMSI_Rubeus_bypass
Users that are interested in AMSI_Rubeus_bypass are comparing it to the libraries listed below
Sorting:
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆91Nov 24, 2022Updated 3 years ago
- My implementation of Halo's Gate technique in C#☆54Apr 20, 2022Updated 3 years ago
- D/Invoke implementation in Nim☆100Jun 8, 2022Updated 3 years ago
- Halos Gate-based NTAPI Unhooker☆52Apr 21, 2022Updated 3 years ago
- Perun's Fart (Slavic God's Luck). Another method for unhooking AV and EDR, this is my C# version.☆117Dec 26, 2021Updated 4 years ago
- Rewrote HellsGate in C# for fun and learning☆86Feb 10, 2022Updated 4 years ago
- Running .NET from VBA☆148Feb 11, 2023Updated 3 years ago
- Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…☆54Apr 10, 2022Updated 3 years ago
- Start new PowerShell without etw and amsi in pure nim☆157Feb 14, 2022Updated 4 years ago
- Hookers are cooler than patches.☆170Jan 21, 2022Updated 4 years ago
- Patch AMSI and ETW☆249May 8, 2024Updated last year
- Using syscall to load shellcode, Evasion techniques☆27Jul 18, 2021Updated 4 years ago
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆94Mar 8, 2023Updated 3 years ago
- It stinks☆105Apr 22, 2022Updated 3 years ago
- YouTube/Livestream project for obfuscating C# source code using Roslyn☆129May 9, 2021Updated 4 years ago
- A small NtCreateUserProcess PoC that spawns a Command prompt.☆102Aug 25, 2022Updated 3 years ago
- Nim version of MDSec's Parallel Syscall PoC☆124Jan 14, 2022Updated 4 years ago
- C# Based Universal API Unhooker☆411Feb 18, 2022Updated 4 years ago
- A small PoC that creates processes in Windows☆187Jun 6, 2024Updated last year
- NimicStack is the pure Nim implementation of Call Stack Spoofing technique to mimic legitimate programs☆94Aug 1, 2022Updated 3 years ago
- ☆164Dec 30, 2022Updated 3 years ago
- Ntdll Unhooking POC☆19Aug 12, 2022Updated 3 years ago
- Create file system symbolic links from low privileged user accounts within PowerShell☆94Jun 20, 2022Updated 3 years ago
- A quick example of the Hells Gate technique in Nim☆94Aug 11, 2021Updated 4 years ago
- Overwrite a process's recovery callback and execute with WER☆102Apr 17, 2022Updated 3 years ago
- My implementation of the GIUDA project in C++☆189Jul 25, 2023Updated 2 years ago
- ☆121Dec 23, 2022Updated 3 years ago
- ☆12Apr 7, 2022Updated 3 years ago
- A spiritual .NET equivalent to the Gargoyle memory scanning evasion technique☆52Dec 6, 2018Updated 7 years ago
- WNF Code Execution Library Using C#☆110May 18, 2020Updated 5 years ago
- grim reaper c2☆346Nov 19, 2022Updated 3 years ago
- ☆26May 22, 2021Updated 4 years ago
- WTSRM☆216Aug 7, 2022Updated 3 years ago
- POC tool to convert CobaltStrike BOF files to raw shellcode☆220Nov 5, 2021Updated 4 years ago
- Local privilege escalation from SeImpersonatePrivilege using EfsRpc.☆337Oct 17, 2022Updated 3 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆374May 24, 2022Updated 3 years ago
- nuke that event log using some epic dinvoke fu☆118May 12, 2021Updated 4 years ago
- Resolve WinAPI func. Custom GetProcAddress and GetModuleHandle written in Nim☆32Jun 2, 2021Updated 4 years ago