waawaa / AMSI_Rubeus_bypassView external linksLinks
☆72Aug 2, 2022Updated 3 years ago
Alternatives and similar repositories for AMSI_Rubeus_bypass
Users that are interested in AMSI_Rubeus_bypass are comparing it to the libraries listed below
Sorting:
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆91Nov 24, 2022Updated 3 years ago
- My implementation of Halo's Gate technique in C#☆54Apr 20, 2022Updated 3 years ago
- D/Invoke implementation in Nim☆103Jun 8, 2022Updated 3 years ago
- Halos Gate-based NTAPI Unhooker☆52Apr 21, 2022Updated 3 years ago
- Perun's Fart (Slavic God's Luck). Another method for unhooking AV and EDR, this is my C# version.☆117Dec 26, 2021Updated 4 years ago
- Rewrote HellsGate in C# for fun and learning☆86Feb 10, 2022Updated 4 years ago
- Running .NET from VBA☆148Feb 11, 2023Updated 3 years ago
- Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…☆54Apr 10, 2022Updated 3 years ago
- Start new PowerShell without etw and amsi in pure nim☆157Feb 14, 2022Updated 4 years ago
- Hookers are cooler than patches.☆170Jan 21, 2022Updated 4 years ago
- Patch AMSI and ETW☆249May 8, 2024Updated last year
- Cobalt Strike BOF to list Windows Pipes & return their Owners & DACL Permissions☆93Mar 8, 2023Updated 2 years ago
- Using syscall to load shellcode, Evasion techniques☆27Jul 18, 2021Updated 4 years ago
- It stinks☆105Apr 22, 2022Updated 3 years ago
- YouTube/Livestream project for obfuscating C# source code using Roslyn☆129May 9, 2021Updated 4 years ago
- A small NtCreateUserProcess PoC that spawns a Command prompt.☆102Aug 25, 2022Updated 3 years ago
- Nim version of MDSec's Parallel Syscall PoC☆124Jan 14, 2022Updated 4 years ago
- C# Based Universal API Unhooker☆411Feb 18, 2022Updated 3 years ago
- A small PoC that creates processes in Windows☆187Jun 6, 2024Updated last year
- NimicStack is the pure Nim implementation of Call Stack Spoofing technique to mimic legitimate programs☆96Aug 1, 2022Updated 3 years ago
- ☆164Dec 30, 2022Updated 3 years ago
- Ntdll Unhooking POC☆19Aug 12, 2022Updated 3 years ago
- Create file system symbolic links from low privileged user accounts within PowerShell☆95Jun 20, 2022Updated 3 years ago
- A quick example of the Hells Gate technique in Nim☆96Aug 11, 2021Updated 4 years ago
- Overwrite a process's recovery callback and execute with WER☆103Apr 17, 2022Updated 3 years ago
- My implementation of the GIUDA project in C++☆189Jul 25, 2023Updated 2 years ago
- ☆120Dec 23, 2022Updated 3 years ago
- ☆12Apr 7, 2022Updated 3 years ago
- A spiritual .NET equivalent to the Gargoyle memory scanning evasion technique☆52Dec 6, 2018Updated 7 years ago
- WNF Code Execution Library Using C#☆110May 18, 2020Updated 5 years ago
- grim reaper c2☆347Nov 19, 2022Updated 3 years ago
- ☆26May 22, 2021Updated 4 years ago
- WTSRM☆216Aug 7, 2022Updated 3 years ago
- POC tool to convert CobaltStrike BOF files to raw shellcode☆220Nov 5, 2021Updated 4 years ago
- Local privilege escalation from SeImpersonatePrivilege using EfsRpc.☆338Oct 17, 2022Updated 3 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆373May 24, 2022Updated 3 years ago
- nuke that event log using some epic dinvoke fu☆118May 12, 2021Updated 4 years ago
- Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly☆117Sep 30, 2024Updated last year