☆36Aug 21, 2024Updated last year
Alternatives and similar repositories for VectoredExceptionHandling
Users that are interested in VectoredExceptionHandling are comparing it to the libraries listed below
Sorting:
- ☆108Aug 21, 2024Updated last year
- Cobalt Strike BOF☆42Dec 10, 2025Updated 2 months ago
- Post-Ex BOF tooling for Hannibal☆24Nov 20, 2024Updated last year
- Execute commands, in/exfiltrate files using your custom RPC Server☆65Jan 13, 2026Updated last month
- SysCalling is an educational project demonstrating state-of-the-art syscall execution techniques for bypassing user-space EDR controls in…☆14Dec 8, 2024Updated last year
- ☆160Jan 27, 2025Updated last year
- Leverage WindowsApp createdump tool to obtain an lsass dump☆153Sep 20, 2024Updated last year
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆346Nov 19, 2024Updated last year
- A PoC UDRL for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (D…☆93Jan 21, 2026Updated last month
- C# alternative to the linux "cat" command... Prints file contents to console. For use with Cobalt Strike's Execute-Assembly☆15Jul 15, 2021Updated 4 years ago
- MacOS Shared Library to Shellcode Loader☆51Updated this week
- Windows Thread Pool Injection Havoc Implementation☆33Mar 23, 2024Updated last year
- Windows Administrator level Implant.☆50Sep 28, 2024Updated last year
- Execute shellcode via ASPNET compiler☆62Oct 2, 2025Updated 4 months ago
- Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process☆287Jan 21, 2024Updated 2 years ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆298Jul 31, 2024Updated last year
- Python script to obfuscate VBA (Virtual Basic for Applications) macros☆61Jan 11, 2020Updated 6 years ago
- This tool leverages the Process Forking technique using the RtlCreateProcessReflection API to clone the lsass.exe process. Once the clone…☆215Oct 19, 2024Updated last year
- A simple POC to expose Mythic as a MCP server☆73Mar 20, 2025Updated 11 months ago
- Python3 Ebowla... 3Bowla☆17Jan 7, 2020Updated 6 years ago
- Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code☆24Mar 13, 2023Updated 2 years ago
- early cascade injection PoC based on Outflanks blog post, in rust☆62Nov 8, 2024Updated last year
- A hoontr must hoont☆105Nov 27, 2025Updated 3 months ago
- LSASS enumeration like pypykatz written in C-Lang☆20Dec 1, 2021Updated 4 years ago
- ☆48May 12, 2021Updated 4 years ago
- Automated .NET AppDomain hijack payload generation☆129Feb 4, 2025Updated last year
- DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely☆381Dec 13, 2024Updated last year
- ☆126Sep 1, 2024Updated last year
- A BOF that runs unmanaged PEs inline☆680Oct 23, 2024Updated last year
- ☆146Nov 6, 2025Updated 3 months ago
- Slides and resources from MCTTP 2025 Talk☆66Oct 26, 2025Updated 4 months ago
- BOF template with boflink and mutator kit support☆49Jan 8, 2026Updated last month
- Source code and examples for PassiveAggression☆64Jun 6, 2024Updated last year
- Tool to obtain hash using MS-SNTP for user accounts☆29Jan 22, 2025Updated last year
- Mythic Developer Series: Workshop Golang Agent☆25Jun 27, 2023Updated 2 years ago
- ☆100Sep 1, 2024Updated last year
- Linux Sleep Obfuscation☆112Jan 7, 2024Updated 2 years ago
- A Mythic Agent written in PIC C.☆207Feb 4, 2025Updated last year
- RunPE adapted for x64 and written in C, does not use RWX☆28May 18, 2024Updated last year