Beast code in Giters

oink1984's starred repositories

HWSyscalls

HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.

Language:C++56900

SysWhispers3

SysWhispers on Steroids - AV/EDR evasion via direct system calls.

Language:PythonApache-2.0117800

TartarusGate

TartarusGate, Bypassing EDRs

Language:C45900

HellsGate

Original C Implementation of the Hell's Gate VX Technique

Language:C85700

no-defender

A slightly more fun way to disable windows defender + firewall. (through the WSC api)

Language:C++GPL-3.0167200

darkPulse

darkPulse是一个用go编写的shellcode Packer，用于生成各种各样的shellcode loader，免杀火绒，360核晶等国内常见杀软。

Language:Go52700

ShellcodeLoader

Windows通用免杀shellcode生成器，能够绕过Microsoft Defender、360、火绒、Panda等杀软的查杀。

Language:C++28600

Arkari

Yet another llvm based obfuscator based on goron.

Apache-2.026300

LoaderFly

助力每一位RT队员，快速生成免杀木马

Language:C63800

protections-artifacts

Elastic Security detection content for Endpoint

Language:YARANOASSERTION89500

callstack_spoof

Language:C++10200

AntiAntiVirusNotes

学习免杀的笔记

20400

DarkLoadLibrary

LoadLibrary for offensive operations

Language:C101400

Self_Deletion_BOF

BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs

Language:C16800

SelfDel-BOF

Delete file regardless of whether the handle is used via SetFileInformationByHandle

4000

CallObfuscator

Obfuscate specific windows apis with different apis

Language:C++97700

shellcodeloading

shellcode加载器 golang 分离免杀

Language:Go5900

CallStackSpoofer

A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)

Language:C++39400

CallStack-Spoofer

This tool will allow you to spoof the return addresses of your functions as well as system functions.

Language:C++Apache-2.036500

SigThief

Stealing Signatures and Making One Invalid Signature at a Time

Language:PythonBSD-3-Clause197900

Introduce

暨南大学软件工程大作业之《暨数据》----项目介绍(包含文档/源码分布导航；技术栈/架构汇总；展望/日志/安全等问题)

MIT500

String-Obfuscator-In-Compile-Time

C++ Header only string obfuscator library using metaprogramming. Affine Cipher technique is used for encryption and decryption.

Language:C++MIT14900

skCrypter

Compile-time, Usermode + Kernelmode, safe and lightweight string crypter library for C++11+

Language:C++MIT62900

dataBrawl

一键生成免杀木马的 shellcode 免杀框架

Language:Python7700

RunPE-In-Memory

Run a Exe File (PE Module) in memory (like an Application Loader)

Language:C++GPL-3.079700

XiebroC2

一款支持多人协作的渗透测试图形化框架、支持lua插件扩展、域前置/CDN上线、自定义多个模块、自定义shellcode、文件管理、进程管理、内存加载、反向代理等功能

Language:Go80500

ehids-agent

A Linux Host-based Intrusion Detection System based on eBPF.

Language:CAGPL-3.038600

shellcodeloader

Language:C++161300

AlternativeShellcodeExec

Alternative Shellcode Execution Via Callbacks

Language:C++MIT134300

Remote_ShellcodeLoader

远程shellcode加载&权限维持+小功能

Language:C28600