Splitting and executing shellcode across multiple pages
☆103Jun 8, 2023Updated 2 years ago
Alternatives and similar repositories for PageSplit
Users that are interested in PageSplit are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype…☆130Sep 27, 2023Updated 2 years ago
- Threadless Process Injection through entry point hijacking☆351Sep 10, 2024Updated last year
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms☆136Dec 20, 2022Updated 3 years ago
- A bunch of scripts and code i wrote.☆149Nov 7, 2024Updated last year
- Example of using Sleep to create better named pipes.☆41Jul 25, 2023Updated 2 years ago
- Implementation of Advanced Module Stomping and Heap/Stack Encryption☆225Jul 25, 2023Updated 2 years ago
- ☆46Jun 21, 2023Updated 2 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- ☆143Jun 21, 2023Updated 2 years ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆101Feb 28, 2023Updated 3 years ago
- Detect EDR's exceptions by inspecting processes' loaded modules☆131Mar 15, 2024Updated 2 years ago
- ☆135Dec 4, 2023Updated 2 years ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆413Jan 11, 2026Updated 2 months ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆65Mar 19, 2024Updated 2 years ago
- A method to execute shellcode using RegisterWaitForInputIdle API.☆55Apr 4, 2023Updated 2 years ago
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.☆244Sep 26, 2023Updated 2 years ago
- Generate an obfuscated DLL that will disable AMSI & ETW☆331Jul 15, 2024Updated last year
- PoC arbitrary WPM without a process handle☆20Jul 22, 2023Updated 2 years ago
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- Using fibers to run in-memory code.☆243Oct 19, 2023Updated 2 years ago
- ☆291Jul 20, 2023Updated 2 years ago
- BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.☆24Jul 5, 2023Updated 2 years ago
- ☆153Oct 2, 2023Updated 2 years ago
- Signtool for expired certificates☆513Jun 10, 2023Updated 2 years ago
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak☆211Nov 12, 2025Updated 4 months ago
- Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap☆246Aug 2, 2023Updated 2 years ago
- ☆319Jun 28, 2023Updated 2 years ago
- Your Windows syscall hooking factory - feat Canterlot's Gate - All accessible over MCP☆127Updated this week
- A PoC implementation for dynamically masking call stacks with timers.☆308Feb 13, 2023Updated 3 years ago
- ☆108Aug 21, 2024Updated last year
- ☆125Jun 28, 2023Updated 2 years ago
- Remote Shellcode Injector☆219Aug 27, 2023Updated 2 years ago
- ShellcodeFluctuation PoC ported to Nim☆79Oct 14, 2022Updated 3 years ago
- PoC demonstrating a multi process injection chain aimed at remotely executing shellcode☆259Jan 21, 2024Updated 2 years ago
- You shall pass☆270Jul 16, 2022Updated 3 years ago
- The Definitive Guide To Process Cloning on Windows☆543Jan 3, 2024Updated 2 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115May 21, 2023Updated 2 years ago
- Weaponized HellsGate/SigFlip☆204Jun 7, 2023Updated 2 years ago
- A small x64 library to load dll's into memory.☆459Nov 6, 2023Updated 2 years ago