Implants Coding
Native API header files for the System Informer project.
.NET assembly loader with patchless AMSI and ETW bypass
Unchain AMSI by patching the provider’s unmonitored memory space
Various Process Injection Techniques
Proof-of-concept obfuscation toolkit for C# post-exploitation tools
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
Threadless Process Injection using remote function hooking.
Venom is a library that meant to perform evasive communication using stolen browser socket
Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
Template-Driven AV/EDR Evasion Framework
Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.
Module Stomping, No New Thread, HellsGate syscaller, UUID Shellcode Runner for x64 Windows 10!
C# implementation of the research by @jonaslyk and the drafted PoC from @LloydLabs
Another meterpreter injection technique using C# that attempts to bypass Defender
ScareCrow - Payload creation framework designed around EDR bypass.
A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
A source generator to add a user-defined set of Win32 P/Invoke methods and supporting types to a C# project.
Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11)
Source generator to add D/Invoke and indirect syscall methods to a C# project.