oink1984's starred repositories
HWSyscalls
HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
SysWhispers3
SysWhispers on Steroids - AV/EDR evasion via direct system calls.
TartarusGate
TartarusGate, Bypassing EDRs
no-defender
A slightly more fun way to disable Windows Defender + firewall (through the WSC API).
ShellcodeLoader
General-purpose Windows AV-evasion shellcode generator, able to bypass detection by Microsoft Defender, 360, Huorong, Panda and other antivirus products.
protections-artifacts
Elastic Security detection content for Endpoint
AntiAntiVirusNotes
Notes from studying AV evasion.
DarkLoadLibrary
LoadLibrary for offensive operations
Self_Deletion_BOF
BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs
SelfDel-BOF
Delete file regardless of whether the handle is used via SetFileInformationByHandle
CallObfuscator
Obfuscate specific windows apis with different apis
shellcodeloading
Golang shellcode loader with the shellcode kept separate from the loader for AV evasion.
CallStackSpoofer
A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
CallStack-Spoofer
This tool will allow you to spoof the return addresses of your functions as well as system functions.
String-Obfuscator-In-Compile-Time
C++ Header only string obfuscator library using metaprogramming. Affine Cipher technique is used for encryption and decryption.
RunPE-In-Memory
Run an EXE file (PE module) in memory (like an application loader).
ehids-agent
A Linux Host-based Intrusion Detection System based on eBPF.
shellcodeloader
shellcodeloader
AlternativeShellcodeExec
Alternative Shellcode Execution Via Callbacks
Remote_ShellcodeLoader
Remote shellcode loading & persistence, plus small utility features.