Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.

C++ 1,206 195 Updated Jun 17, 2022

joshfaust / Alaris

A protective and Low Level Shellcode Loader that defeats modern EDR systems.

C 916 144 Updated Mar 20, 2024

Cracked5pider / Stardust

A modern 32/64-bit position independent implant template

C 1,310 212 Updated Mar 21, 2025

klezVirus / SilentMoonwalk

PoC Implementation of a fully dynamic call stack spoofer

C++ 935 109 Updated Jul 20, 2024

EspressoCake / Defender_Exclusions-BOF

A BOF to determine Windows Defender exclusions.

C++ 253 39 Updated Jun 25, 2023

itm4n / PPLcontrol

Controlling Windows PP(L)s

C++ 383 61 Updated Jun 9, 2023

am0nsec / HellsGate

Original C Implementation of the Hell's Gate VX Technique

C 1,173 133 Updated Jun 28, 2021

RedSection / OffensivePH

OffensivePH - use old Process Hacker driver to bypass several user-mode access controls

C 333 42 Updated Oct 9, 2021

nccgroup / WindowsPatchDetector

Experimental Windows .text section Patch Detector

C++ 22 10 Updated Jan 26, 2015

binderlabs / DirCreate2System

Weaponizing to get NT SYSTEM for Privileged Directory Creation Bugs with Windows Error Reporting

C++ 362 39 Updated Dec 19, 2022

OccamsXor / Dragnmove

Infect Shared Files In Memory for Lateral Movement

C++ 192 21 Updated Dec 14, 2022

deepinstinct / Dirty-Vanity

A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass…

C 673 89 Updated Dec 23, 2022

netbiosX / AMSI-Provider

A fake AMSI Provider which can be used for persistence.

C++ 156 17 Updated May 16, 2021

CymulateResearch / Blindside

Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms

C++ 136 21 Updated Dec 20, 2022

thefLink / Memfiddler

Executes shellcode from a remote server and aims to evade in-memory scanners

C++ 31 5 Updated Nov 17, 2019

GetRektBoy724 / DCMB

Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!

C 252 35 Updated Jul 9, 2024

Maldev-Academy / HellHall

Performing Indirect Clean Syscalls

C 607 79 Updated Apr 19, 2023

aahmad097 / AlternativeShellcodeExec

Alternative Shellcode Execution Via Callbacks

C++ 1,702 331 Updated Nov 11, 2022

NVISOsecurity / CobaltWhispers

CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process injection, persistence and more, leveraging direct syscalls (SysWh…

C 242 35 Updated Jan 4, 2023

boku7 / BokuLoader

A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!

C 1,404 270 Updated Nov 22, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Soumyani1 reveng007

Achievements

Achievements

Block or report reveng007

C/cpp

PL-V / Firefox-WebInject

kahlon81 / Process-Injection-Direct-Syscall

RedCursorSecurityConsulting / PPLKiller

Mattiwatti / PPLKiller

3gstudent / ntfsDump

4g3nt47 / Striker

passthehashbrowns / hiding-your-syscalls

outflanknl / Dumpert

google / benchmark

boku7 / Ninja_UUID_Runner

mgeeky / ThreadStackSpoofer