virtualalllocex Goto Github PK
Name: VirtualAllocEx
Type: User
Company: RedOps GmbH
Twitter: VirtualAllocEx
Blog: https://redops.at/en/
Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms
C++ self-Injecting dropper based on various EDR evasion techniques.
This POC gives you the possibility to compile a .exe that completely avoids static detection by AV/EPP/EDR of your C2 shellcode, and to download and execute the C2 shellcode hosted on your (C2) web server.
This POC provides the ability to execute x86 shellcode in the form of a .bin file based on x86 inline assembly and execution over fibers
This POC provides the possibility to execute x86 shellcode in the form of a .bin file based on x86 inline assembly.
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls.
This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
Shellcode Loader implementing indirect dynamic syscalls, API hashing, and fileless shellcode retrieval using Winsock2
Security product hook detection
HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
Shellcode Loader with memory evasion
This repository contains sample programs that mimic behavior found in real-world malware. The goal is to provide source code that can be compiled and used for learning purposes, without having to worry about handling live malware.
This repository contains sample programs written primarily in C and C++ for learning native code reverse engineering.
Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)
Remote Shellcode Injector
OSCP 2023 Preparation Guide | Courses, Tricks, Tutorials, Exercises, Machines
These are different types of download cradles, which should serve as inspiration to experiment with and create new download cradles to bypass AV/EPP/EDR in the context of download cradle detections.
Shellcode execution via x86 inline assembly based on MSVC syntax
SysWhispers on Steroids - AV/EDR evasion via direct system calls.
TartarusGate, Bypassing EDRs
Depending on the AV/EPP/EDR, creating a Task Scheduler job with a default cradle is often flagged.
DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable
A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encrypted assembly instructions, thus rendering memory scanners useless for that specific memory page.