RedOps GmbH
- https://redops.at/en/knowledge-base
- @VirtualAllocEx
- Highlights: Pro
- Voidgate (Public). Forked from vxCrypt0r/Voidgate. A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encry… C++. BSD 3-Clause "New" or "Revised" License. Updated Jun 12, 2024.
- Windows-Local-Privilege-Escalation-Cookbook (Public). Forked from nickvourd/Windows-Local-Privilege-Escalation-Cookbook. Windows Local Privilege Escalation Cookbook.
- EDR-Preloader (Public). Forked from MalwareTech/EDR-Preloader. An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer.
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls.
- DEFCON-31-Syscalls-Workshop (Public). Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
- learning-malware-analysis (Public). Forked from jstrosch/learning-malware-analysis. This repository contains sample programs that mimic behavior found in real-world malware. The goal is to provide source code that can be compiled and used for learning purposes, without having to …
- learning-reverse-engineering (Public). Forked from jstrosch/learning-reverse-engineering. This repository contains sample programs written primarily in C and C++ for learning native code reverse engineering.
- UnlinkDLL (Public). Forked from frkngksl/UnlinkDLL. DLL unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable.
- Tartarus-TpAllocInject (Public). Forked from nettitude/Tartarus-TpAllocInject.
- NovaLdr (Public). Forked from BlackSnufkin/NovaLdr. Threadless Module Stomping in Rust with some features (in memory of those murdered in the Nova party massacre).
- CallstackSpoofingPOC (Public). Forked from pard0p/CallstackSpoofingPOC. C++ self-injecting dropper based on various EDR evasion techniques.
- Jomungand (Public). Forked from dannymas/Jomungand. Shellcode loader with memory evasion. C++. Updated Oct 22, 2023.
- NtRemoteLoad (Public). Forked from florylsk/NtRemoteLoad. Remote shellcode injector.
- OSCP-Tricks-2023 (Public). Forked from rodolfomarianocy/OSCP-Tricks-2023. OSCP 2023 Preparation Guide | Courses, Tricks, Tutorials, Exercises, Machines. 4 · Updated Aug 27, 2023.
- HWSyscalls (Public). Forked from Dec0ne/HWSyscalls. HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
- HadesLdr (Public). Forked from CognisysGroup/HadesLdr. Shellcode loader implementing indirect dynamic syscalls, API hashing, and fileless shellcode retrieval using Winsock2.
- This POC gives you the possibility to compile a .exe that completely avoids static detection by AV/EPP/EDR of your C2 shellcode, and downloads and executes your C2 shellcode which is hosted on your (…
- DSC_SVC_REMOTE (Public). This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted servic…
- Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
- Shell-we-Assembly (Public). Shellcode execution via x86 inline assembly based on MSVC syntax.
- This POC provides the possibility to execute x86 shellcode in the form of a .bin file based on x86 inline assembly.
- This POC provides the ability to execute x86 shellcode in the form of a .bin file based on x86 inline assembly and execution over fibers.
- WinMalDev (Public). Forked from Kr0ff/WinMalDev. Various methods of executing shellcode.
- SysWhispers3 (Public). Forked from klezVirus/SysWhispers3. SysWhispers on Steroids: AV/EDR evasion via direct system calls.
- Blindside (Public). Forked from CymulateResearch/Blindside. Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms.
- Depending on the AV/EPP/EDR, creating a Task Scheduler job with a default cradle is often flagged.