Splitting and executing shellcode across multiple pages
☆103Jun 8, 2023Updated 2 years ago
Alternatives and similar repositories for PageSplit
Users that are interested in PageSplit are comparing it to the libraries listed below
Sorting:
- Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype…☆129Sep 27, 2023Updated 2 years ago
- Threadless Process Injection through entry point hijacking☆350Sep 10, 2024Updated last year
- Implementation of Advanced Module Stomping and Heap/Stack Encryption☆225Jul 25, 2023Updated 2 years ago
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms☆136Dec 20, 2022Updated 3 years ago
- A bunch of scripts and code i wrote.☆149Nov 7, 2024Updated last year
- ☆141Jun 21, 2023Updated 2 years ago
- A method to execute shellcode using RegisterWaitForInputIdle API.☆55Apr 4, 2023Updated 2 years ago
- ☆46Jun 21, 2023Updated 2 years ago
- Your syscall factory☆126Jan 13, 2026Updated last month
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.☆242Sep 26, 2023Updated 2 years ago
- ☆129Dec 4, 2023Updated 2 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- Example of using Sleep to create better named pipes.☆41Jul 25, 2023Updated 2 years ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆101Feb 28, 2023Updated 3 years ago
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- Signtool for expired certificates☆515Jun 10, 2023Updated 2 years ago
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak☆211Nov 12, 2025Updated 3 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆409Jan 11, 2026Updated last month
- ☆292Jul 20, 2023Updated 2 years ago
- Generate an obfuscated DLL that will disable AMSI & ETW☆330Jul 15, 2024Updated last year
- ☆152Oct 2, 2023Updated 2 years ago
- Remote Shellcode Injector☆220Aug 27, 2023Updated 2 years ago
- Detect EDR's exceptions by inspecting processes' loaded modules☆130Mar 15, 2024Updated last year
- ☆319Jun 28, 2023Updated 2 years ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆63Mar 19, 2024Updated last year
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.☆204Dec 27, 2023Updated 2 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115May 21, 2023Updated 2 years ago
- A PoC implementation for dynamically masking call stacks with timers.☆309Feb 13, 2023Updated 3 years ago
- BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.☆24Jul 5, 2023Updated 2 years ago
- ☆108Aug 21, 2024Updated last year
- ☆123Oct 9, 2023Updated 2 years ago
- ☆125Jun 28, 2023Updated 2 years ago
- PoC demonstrating a multi process injection chain aimed at remotely executing shellcode☆260Jan 21, 2024Updated 2 years ago
- ☆79Aug 2, 2023Updated 2 years ago
- Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2☆293Jul 15, 2023Updated 2 years ago
- Using fibers to run in-memory code.☆242Oct 19, 2023Updated 2 years ago
- indirect syscalls for AV/EDR evasion in Go assembly☆371Jun 13, 2023Updated 2 years ago
- ☆100Sep 1, 2024Updated last year
- ☆39May 20, 2023Updated 2 years ago