coldfusion39
Follow
Evasion
evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)
Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll
Get fresh Syscalls from a fresh ntdll.dll copy
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtC…
Shellcode injection technique. Given as C++ header, standalone Rust program or library.
ntdll.h - compatible with MSVC 6.0, Intel C++ Compiler and MinGW. Serves as a complete replacement for Windows.h
Nim version of MDSec's Parallel Syscall PoC
Patches the Microsoft Linker so that it produces executables without the 'Rich' header
This is a simple tool to remove the "Rich" header from binaries (EXE or DLL files) created by M$ development tools.
A simple program to hook the current process to identify the manual syscall executions on windows
Convert shellcode into ✨ different ✨ formats!
POC of a better implementation of GetProcAddress for ntdll using binary search
A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.
Piece of code to detect and remove hooks in IAT
An implementation and proof-of-concept of Process Forking.
Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers that can run malware on the victim using the Process Ghosting…
UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red Teams malware
Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction within NTDLL.
Research code & papers from members of vx-underground.