☆36Aug 21, 2024Updated last year
Alternatives and similar repositories for VectoredExceptionHandling
Users that are interested in VectoredExceptionHandling are comparing it to the libraries listed below
Sorting:
- ☆108Aug 21, 2024Updated last year
- Cobalt Strike BOF☆43Dec 10, 2025Updated 3 months ago
- ☆31Aug 23, 2020Updated 5 years ago
- ☆160Jan 27, 2025Updated last year
- Post-Ex BOF tooling for Hannibal☆24Nov 20, 2024Updated last year
- A PoC UDRL for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (D…☆107Jan 21, 2026Updated 2 months ago
- Execute commands, in/exfiltrate files using your custom RPC Server☆66Jan 13, 2026Updated 2 months ago
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆346Nov 19, 2024Updated last year
- Automated .NET AppDomain hijack payload generation☆129Feb 4, 2025Updated last year
- SysCalling is an educational project demonstrating state-of-the-art syscall execution techniques for bypassing user-space EDR controls in…☆14Dec 8, 2024Updated last year
- C# alternative to the linux "cat" command... Prints file contents to console. For use with Cobalt Strike's Execute-Assembly☆15Jul 15, 2021Updated 4 years ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆301Jul 31, 2024Updated last year
- Python script to obfuscate VBA (Virtual Basic for Applications) macros☆61Jan 11, 2020Updated 6 years ago
- Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process☆287Jan 21, 2024Updated 2 years ago
- A BOF that runs unmanaged PEs inline☆683Oct 23, 2024Updated last year
- Leverage WindowsApp createdump tool to obtain an lsass dump☆153Sep 20, 2024Updated last year
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆384Dec 13, 2024Updated last year
- AV bypass while you sip your Chai!☆223May 17, 2024Updated last year
- Just a nice little shellcode loader using unconventional methods to avoid using signatured APIs☆24Jul 11, 2025Updated 8 months ago
- ☆126Sep 1, 2024Updated last year
- ApexLdr is a DLL Payload Loader written in C☆117Jul 17, 2024Updated last year
- Windows Administrator level Implant.☆50Sep 28, 2024Updated last year
- Windows Thread Pool Injection Havoc Implementation☆34Mar 23, 2024Updated last year
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆216Oct 19, 2024Updated last year
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆79Aug 25, 2025Updated 6 months ago
- ☆100Sep 1, 2024Updated last year
- MacOS Shared Library to Shellcode Loader☆60Feb 23, 2026Updated 3 weeks ago
- PowerShell-based utility for mapping byte offsets to source code using hex and ASCII context for detection research and red team tooling.☆32Dec 31, 2025Updated 2 months ago
- ☆79Aug 5, 2024Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆85Aug 13, 2024Updated last year
- early cascade injection PoC based on Outflanks blog post, in rust☆62Nov 8, 2024Updated last year
- Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code☆24Mar 13, 2023Updated 3 years ago
- tgtdelegation is a Beacon Object File (BOF) to obtain a usable TGT via the "TGT delegation trick"☆178Nov 26, 2021Updated 4 years ago
- ☆26Mar 10, 2022Updated 4 years ago
- ☆29May 10, 2024Updated last year
- Filesystem interaction via firebeam virtual machine execution☆34Updated this week
- A simple POC to expose Mythic as a MCP server☆73Mar 20, 2025Updated last year
- Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL☆23Aug 27, 2022Updated 3 years ago
- ☆37Nov 8, 2024Updated last year