zimnyaa / xyrella
PoC XLL builder in Python/Nim
☆40 · Updated 2 years ago
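For readers who have not met the file type: an XLL is an ordinary Windows DLL that Excel loads as an add-in, and the interesting part for a PoC builder is the exported `xlAutoOpen` entry point, which Excel calls (after the user clicks through the add-in security prompt) as soon as the file is opened. The following is an added example written for this page, not code from xyrella or from zimnyaa; it assumes the `winim` Nim package is installed and uses a `MessageBoxA` call as a stand-in for whatever a builder would embed.

```nim
# demo_xll.nim -- added example, not part of the xyrella project.
# Build for 64-bit Excel (the add-in bitness must match Excel's):
#   nim c --app:lib --cpu:amd64 -d:release --out:demo.xll demo_xll.nim
# Nim emits its own DllMain for --app:lib builds, so none is defined here.
import winim/lean   # assumption: winim is installed (nimble install winim)

# Excel calls xlAutoOpen right after loading the add-in (File > Open on the
# .xll, or a registered add-in at startup). Returning 1 tells Excel the
# add-in initialised successfully; any code placed here runs inside excel.exe.
proc xlAutoOpen(): cint {.stdcall, exportc, dynlib.} =
  # Stand-in payload: a builder would run its embedded code at this point.
  MessageBoxA(0, "xlAutoOpen reached: running inside excel.exe", "XLL PoC", MB_OK)
  result = 1

# Excel calls xlAutoClose when the add-in is unloaded; 1 = success.
proc xlAutoClose(): cint {.stdcall, exportc, dynlib.} =
  result = 1
```

Two practical notes: Excel only activates the add-in after the user accepts the "Enable this add-in" security prompt, and excel.exe loading an unsigned `.xll` from a user-writable path (or spawning child processes afterwards) is exactly what many EDR and Sysmon image-load rules key on, so this is where detection engineers should look when testing builders of this kind.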
Related projects
Alternatives and complementary repositories for xyrella
- ShellcodeFluctuation PoC ported to Nim · ☆75 · Updated 2 years ago
- A simple PoC showcasing the ability of an admin to suspend an EDR's protected processes, making it useless · ☆39 · Updated 4 months ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE · ☆38 · Updated 10 months ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly · ☆57 · Updated 8 months ago
- Tool for playing with Windows Access Token manipulation · ☆52 · Updated last year
- A care package of useful BOFs for red team engagements · ☆48 · Updated 2 years ago
- Lockless BOF · ☆62 · Updated 9 months ago
- Just another ntdll unhooking using Parun's Fart technique · ☆72 · Updated last year
- Click Once + App Domain · ☆62 · Updated 11 months ago
- Beacon Object File allowing creation of Beacons in different sessions · ☆76 · Updated 2 years ago
- Beacon Object Files (not Buffer Overflows) · ☆51 · Updated last year
- D/Invoke implementation in Nim · ☆99 · Updated 2 years ago
- Grab unsaved Notepad contents with a Beacon Object File · ☆48 · Updated 2 years ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR · ☆38 · Updated last year
- Threadless shellcode injection tool · ☆60 · Updated 3 months ago
- Sleep obfuscation for shellcode implants and their reflective shit · ☆52 · Updated last year
- Simple .NET loader for loading and executing PowerShell payloads · ☆15 · Updated 3 years ago
- Proof of Concept code and samples presenting the emerging threat of MSI installer files · ☆77 · Updated last year
- Halo's Gate-based NTAPI Unhooker · ☆49 · Updated 2 years ago
- Python module for running BOFs · ☆64 · Updated last year
- Lateral Movement via the .NET Profiler · ☆76 · Updated 5 months ago
- Example of using Sleep to create better named pipes · ☆41 · Updated last year
- DLL Exports Extraction BOF with optional NTFS transactions · ☆78 · Updated 3 years ago
- Shellcode injector that obtains system call opcodes using the Halo's Gate method to evade EDR hooks · ☆19 · Updated 2 years ago
- A process injection technique using only thread context manipulation · ☆23 · Updated 11 months ago