an0x03e8 Goto Github PK

etwprocessmon2

ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

execremoteassembly

Execute Remote Assembly with args passing and with AMSI and ETW patching

explorerpersist

Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when it's get loaded into the explorer process , our malicoius code get executed

fiber

Using fibers to run in-memory code in a different and stealthy way.

filelessntdllreflection

Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll, and trigger exported API from the export table

filelesspeloader

Loading Remote AES Encrypted PE in memory , Decrypted it and run it

filelessremotepe

Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique

freeze

Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods

freeze.rs

Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST

grugq.github.com

Hacker OPSEC

hardhatc2

A c# Command & Control framework

heapcrypt

Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap

hwbp4mw

hwsyscalls

HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.

inceptor

Template-Driven AV/EDR Evasion Framework

iori_loader

UUID shellcode Loader with dynamic indirect syscall implementation, syscall number/instruction get resolved dynamicaly at runtime, and the syscall number/instruction get unhooked using Halosgate technique. Function address get resolved from the PEB by offsets and comparaison by hashes

kaynldr

KaynLdr is a Reflective Loader written in C/ASM

kerbrute

An script to perform kerberos bruteforcing by using impacket

koppeling

Adaptive DLL hijacking / dynamic export forwarding

ldrlockliberator

For when DLLMain is the only way

lime-crypter

Simple obfuscation tool

limelighter

A tool for generating fake code signing certificates or signing real ones

link

link is a command and control framework written in rust

maldevacademyldr.1

mangle

Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs

misc

miscellaneous scripts and programs

mordor-rs

Rusty Hell's Gate / Halo's Gate / Tartarus' Gate and FreshyCalls / SysWhispers1 / SysWhispers2 / SysWhispers3 Library

nimcrypt2

.NET, PE, & Raw Shellcode Packer/Loader Written in Nim

nina

NINA: No Injection, No Allocation x64 Process Injection Technique

ninja_uuid_runner

Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!