xalicex / LOLDrivers_finder
☆89 · Jul 18, 2023 · Updated 2 years ago
Alternatives and similar repositories for LOLDrivers_finder
Users that are interested in LOLDrivers_finder are comparing it to the libraries listed below
- A method to execute shellcode using RegisterWaitForInputIdle API. ☆55 · Apr 4, 2023 · Updated 2 years ago
- Exploitation of process killer drivers ☆202 · Oct 17, 2023 · Updated 2 years ago
- A BOF to determine Windows Defender exclusions. ☆253 · Jun 25, 2023 · Updated 2 years ago
- Threadless Process Injection using remote function hooking. ☆809 · Sep 4, 2024 · Updated last year
- A simple C2 using Google Translate Webpage for data evasion ☆12 · Jan 30, 2023 · Updated 3 years ago
- Execute a payload at each right click on a file/folder in the explorer menu for persistence ☆175 · Mar 15, 2023 · Updated 2 years ago
- I have documented all of the AMSI patches that I learned till now ☆75 · Nov 4, 2025 · Updated 3 months ago
- Coffee is a loader for ELF (Executable and Linkable Format) object files written in Rust. ☆63 · Apr 29, 2024 · Updated last year
- C# AV/EDR Killer using less-known driver (BYOVD) ☆185 · Nov 10, 2023 · Updated 2 years ago
- lsassdump via RtlCreateProcessReflection and NanoDump ☆84 · Oct 18, 2024 · Updated last year
- C code to enable ETW tracing for Dotnet Assemblies ☆32 · Aug 12, 2022 · Updated 3 years ago
- ☆129 · Jun 28, 2023 · Updated 2 years ago
- kill anti-malware protected processes (BYOVD) ☆970 · Jul 21, 2023 · Updated 2 years ago
- ☆60 · Jan 9, 2023 · Updated 3 years ago
- A collection of various and sundry code snippets that leverage .NET dynamic tradecraft ☆146 · May 18, 2024 · Updated last year
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles. ☆66 · May 2, 2023 · Updated 2 years ago
- The code is a pingback to the Dark Vortex blog: ☆187 · Jan 26, 2023 · Updated 3 years ago
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird … ☆772 · Jan 26, 2026 · Updated 3 weeks ago
- ☆161 · Jun 18, 2023 · Updated 2 years ago
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub. ☆325 · Apr 12, 2024 · Updated last year
- indirect syscalls for AV/EDR evasion in Go assembly ☆365 · Jun 13, 2023 · Updated 2 years ago
- ☆247 · Dec 16, 2022 · Updated 3 years ago
- BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a… ☆394 · Jan 9, 2024 · Updated 2 years ago
- ☆105 · May 15, 2023 · Updated 2 years ago
- A Visual Studio template used to create Cobalt Strike BOFs ☆323 · Nov 17, 2021 · Updated 4 years ago
- ROP-based sleep obfuscation to evade memory scanners ☆375 · Jun 22, 2025 · Updated 7 months ago
- A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow. ☆28 · Dec 16, 2021 · Updated 4 years ago
- It's a coff loader ported to go (Modified by TimWhite) ☆26 · Jul 17, 2023 · Updated 2 years ago
- WptsExtensions.dll for exploiting DLL hijacking of the task scheduler. ☆55 · Jun 30, 2021 · Updated 4 years ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan… ☆280 · Sep 18, 2024 · Updated last year
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel. ☆243 · Sep 26, 2023 · Updated 2 years ago
- Find DLLs with RWX section ☆79 · Jul 3, 2023 · Updated 2 years ago
- WTSRM ☆216 · Aug 7, 2022 · Updated 3 years ago
- Using fibers to run in-memory code. ☆240 · Oct 19, 2023 · Updated 2 years ago
- A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk ☆474 · Jul 6, 2024 · Updated last year
- ☆126 · Sep 1, 2024 · Updated last year
- This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCr… ☆63 · Feb 11, 2024 · Updated 2 years ago
- Terminate AV/EDR Processes using kernel driver ☆352 · Jun 12, 2023 · Updated 2 years ago
- ☆16 · Mar 26, 2024 · Updated last year