zimnyaa / insomnia
a stage1 DLL loader with sleep obfuscation
☆32Updated last year
Related projects ⓘ
Alternatives and complementary repositories for insomnia
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆37Updated 10 months ago
- Malware?☆69Updated last month
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution☆37Updated 3 months ago
- A improved memory obfuscation primitive using a combination of special and 'normal' Asynchronous Procedural Calls☆102Updated last month
- GetModuleHandle (via PEB) and GetProcAddress (via EAT) like☆32Updated 2 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆127Updated 2 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated last year
- Next gen process injection technique☆42Updated 4 years ago
- a demo module for the kaine agent to execute and inject assembly modules☆35Updated 2 months ago
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge …☆159Updated last year
- Reimplementation of the KExecDD DSE bypass technique.☆42Updated 2 months ago
- A proof of concept I developed to improve Gargoyle back in 2018 to achieve true memory obfuscation from position independent code☆39Updated last month
- Collect Windows telemetry for Maldev☆36Updated this week
- ☆40Updated last year
- Section-based payload obfuscation technique for x64☆58Updated 3 months ago
- ☆81Updated 2 months ago
- RunPE adapted for x64 and written in C, does not use RWX☆24Updated 5 months ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆54Updated 7 months ago
- Patch AMSI and ETW in remote process via direct syscall☆77Updated 2 years ago
- Splitting and executing shellcode across multiple pages☆99Updated last year
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆77Updated last year
- Command and Control☆21Updated 2 months ago
- Halos Gate-based NTAPI Unhooker☆49Updated 2 years ago
- ☆34Updated last year
- ☆44Updated 2 years ago
- Piece of code to detect and remove hooks in IAT☆58Updated 2 years ago
- ☆105Updated last year
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 2 years ago
- A process injection technique using only thread context manipulation☆23Updated 10 months ago