Popular repositories

1. D1rkLrd Public

   Shellcode Loader with Indirect Dynamic syscall Implementation , shellcode in MAC format, API resolving from PEB, Syscall calll and syscall instruction address resolving at run time

   C++ 161 30

2. NTDLLReflection Public

   Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll , and trigger exported APIs from the export table

   C++ 150 19

3. Shellcode-Hide Public

   This repo contains : simple shellcode Loader , Encoders (base64 - custom - UUID - IPv4 - MAC), Encryptors (AES), Fileless Loader (Winhttp, socket)

   C++ 128 34

4. PSpersist Public

   Dropping a powershell script at %HOMEPATH%\Documents\windowspowershell\ , that contains the implant's path , and whenever powershell process is created, the implant will be executed too.

   C++ 52 7

5. AMSI_patch Public

   Patching AmsiOpenSession by forcing an error branching

   C++ 30 10

6. ntdlll-unhooking-collection Public

   different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)

   C++ 21 7