wabzsy / gonutView external linksLinks
Generator of https://github.com/TheWover/donut in pure Go. supports compression, AMSI/WLDP/ETW bypass, etc.
☆64Jul 29, 2023Updated 2 years ago
Alternatives and similar repositories for gonut
Users that are interested in gonut are comparing it to the libraries listed below
Sorting:
- A BOF/COFF loader implemented in Go and CGO.☆23Jan 16, 2024Updated 2 years ago
- ☆41Jul 10, 2023Updated 2 years ago
- Various implementations for C# in memory execution. Assembly.Load() Assembly.LoadFile() AppDomain.ExecuteAssembly()☆35Feb 10, 2021Updated 5 years ago
- Test AMSI Provider implementation in C#☆42Dec 18, 2024Updated last year
- A Simple PoC☆22May 24, 2024Updated last year
- Binary Hollowing☆94Sep 10, 2024Updated last year
- Modified Version of Melkor @FuzzySecurity capable of creating disposable AppDomains in injected processes.☆28Sep 8, 2021Updated 4 years ago
- ☆29May 10, 2024Updated last year
- rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption.☆17Jan 6, 2024Updated 2 years ago
- DNS Tunneling as net.Conn☆16Dec 22, 2024Updated last year
- Shellcode loader generator with multiples features☆507Dec 31, 2024Updated last year
- impacket编程手册☆103Oct 13, 2023Updated 2 years ago
- Alternative Shellcode Execution Via Callbacks Rewrite In C#☆90Apr 28, 2023Updated 2 years ago
- ☆15Jul 21, 2025Updated 6 months ago
- ☆15Nov 19, 2023Updated 2 years ago
- ☆222Mar 10, 2024Updated last year
- A Go implementation of Cobalt Strike style BOF/COFF loaders.☆265Feb 22, 2025Updated 11 months ago
- lsassdump via RtlCreateProcessReflection and NanoDump☆84Oct 18, 2024Updated last year
- Fileless atexec, no more need for port 445☆404Mar 28, 2024Updated last year
- Golang 版SigThief☆85Jan 30, 2022Updated 4 years ago
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…☆15Apr 21, 2025Updated 9 months ago
- Tool scan EternalBlue by golang☆21Sep 13, 2019Updated 6 years ago
- ☆18Nov 23, 2023Updated 2 years ago
- Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.☆271Apr 17, 2023Updated 2 years ago
- Lateral Movement☆125Nov 14, 2023Updated 2 years ago
- ☆31Oct 23, 2023Updated 2 years ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆296Jul 31, 2024Updated last year
- Execute unmanaged Windows executables in CobaltStrike Beacons☆714Mar 4, 2023Updated 2 years ago
- 关于RPC一些绕EDR的tips☆198Mar 3, 2023Updated 2 years ago
- 针对finereportv10反序列化接口/webroot/decision/remote/design/channel进行无回显检测并提供Godzilla memshell注入功能(部分环境缺少依赖无法成功)☆24Oct 17, 2023Updated 2 years ago
- A mutliple tactics to execute shellcode in go :}☆23Apr 21, 2025Updated 9 months ago
- Terminate AV/EDR Processes using kernel driver☆352Jun 12, 2023Updated 2 years ago
- Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).☆585Mar 19, 2024Updated last year
- Generate an obfuscated DLL that will disable AMSI & ETW☆329Jul 15, 2024Updated last year
- 获取chrome 浏览器记录☆43Sep 6, 2025Updated 5 months ago
- BOF with Synthetic Stackframe☆220Oct 30, 2025Updated 3 months ago
- 一个简易的woodpecker反序列化插件☆44Jun 7, 2024Updated last year
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.☆50May 22, 2025Updated 8 months ago
- Enable-All-Tokens is a Go-based project designed to adjust and enable a list of specified privileges for the current process token on a W…☆10Apr 21, 2025Updated 9 months ago