Indirect Syscall invocation via thread hijacking
☆26 May 5, 2023 Updated 2 years ago
Alternatives and similar repositories for SysCook64
Users that are interested in SysCook64 are comparing it to the libraries listed below
- NTAPI hook bypass with (semi) legit stack trace ☆19 May 9, 2023 Updated 2 years ago
- PoC arbitrary WPM without a process handle ☆20 Jul 22, 2023 Updated 2 years ago
- ☆13 Feb 25, 2023 Updated 3 years ago
- EQGRP: Replicating DarkPulsar, a DLL capable of hooking Security Package Method Tables on the Heap! ☆10 Oct 11, 2020 Updated 5 years ago
- Attempts to suspend all known AV/EDR processes on Windows using syscalls and the undocumented NtSuspendProcess API. Made with <3 for pen… ☆13 May 11, 2023 Updated 2 years ago
- some AV / EDR / analysis studies ☆10 May 21, 2023 Updated 2 years ago
- Small collection of Active Directory pentesting tools. ☆32 Jan 29, 2024 Updated 2 years ago
- Win64 UEFI Driver-based tool for unrestricted memory R/W ☆30 Feb 8, 2022 Updated 4 years ago
- An x64 binary executing code that's not inside of it. ☆17 Feb 28, 2023 Updated 3 years ago
- Used to AES encrypt shellcode; can take a password or use the built-in default. Should be used with Iron Injector to generate and execute shellc… ☆15 Mar 18, 2022 Updated 3 years ago
- BloodyAv is a custom shellcode loader to bypass AV and EDR. ☆14 Mar 21, 2022 Updated 3 years ago
- Interactive program for loading AES encrypted shellcode with Dynamic Invocation, and interactive .NET assemblies in memory. ☆13 Mar 16, 2022 Updated 3 years ago
- Self-spreading Java malware targeting Minecraft servers. Infected servers are capable of scanning for other vulnerable servers, encryptin… ☆17 Dec 23, 2024 Updated last year
- Tool for pivoting over SMB pipes ☆16 Jul 20, 2019 Updated 6 years ago
- Basic brute-force script targeting the standard Keycloak Admin/User Console browser login flow. ☆25 Apr 6, 2025 Updated 10 months ago
- A bunch of scripts and code I wrote. ☆149 Nov 7, 2024 Updated last year
- LSTAR - CobaltStrike Translated to EN ☆22 Jun 15, 2023 Updated 2 years ago
- A small example of loading BOFs in Python with pure reflection ☆19 Jan 26, 2023 Updated 3 years ago
- ☆22 Jul 29, 2021 Updated 4 years ago
- Yet, Another Packer/Loader ☆25 Feb 26, 2023 Updated 3 years ago
- A launcher to load a DLL with xored cobalt strike shellcode executed in memory through process hollowing technique ☆27 Nov 11, 2022 Updated 3 years ago
- Splitting and executing shellcode across multiple pages ☆103 Jun 8, 2023 Updated 2 years ago
- lnk_parser is a full Rust implementation to parse Windows LNK files ☆23 Feb 17, 2026 Updated last week
- Labs setup for tests & experimentations ☆25 Aug 30, 2021 Updated 4 years ago
- Bybit API client library for Go (ByBit API connector) ☆10 Dec 19, 2025 Updated 2 months ago
- reverse socks tunneler with ntlm and proxy support ☆28 Nov 24, 2019 Updated 6 years ago
- Windows Process Injection Toolkit - plain and simple :) ☆28 Jul 29, 2018 Updated 7 years ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles. ☆66 May 2, 2023 Updated 2 years ago
- Listing UDP connections with remote address without sniffing. ☆31 Sep 26, 2023 Updated 2 years ago
- Shadowsocks-like proxy written in Go ☆37 Dec 18, 2019 Updated 6 years ago
- A simple Linux in-memory .so loader ☆33 Mar 29, 2023 Updated 2 years ago
- AES-encrypts a PE file, then pulls it from a remote location and loads it into memory to evade antivirus detection ☆37 Mar 1, 2023 Updated 3 years ago
- Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk, plus functions and strings obfuscation ☆31 Sep 24, 2022 Updated 3 years ago
- Standalone Cobalt Strike operation logging Aggressor script for Ghostwriter 2.0+ ☆35 Dec 1, 2025 Updated 3 months ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR. ☆41 Jul 9, 2023 Updated 2 years ago
- SpicyAD is a C# Active Directory penetration testing tool designed for authorized security assessments. It combines multiple AD attack te… ☆99 Dec 23, 2025 Updated 2 months ago
- NTLM Hash Generator ☆10 Apr 2, 2021 Updated 4 years ago
- WhatsCloud is an Android app which allows you to analyze your WhatsApp chat history on the fly with only one click ☆12 Jul 29, 2019 Updated 6 years ago
- A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR. ☆41 Dec 31, 2020 Updated 5 years ago