Hades - Go Shellcode Loader That Combines Multiple Evasion Techniques

Hades is a proof of concept loader that combines several evasion technques with the aim of bypassing the defensive mechanisms commonly used by modern AV/EDRs. Usage The easiest way, is probably building the project on Linux using make. git clone https://github.com/f1zm0/hades && cd hades make The...

Jektor - A Windows User-Mode Shellcode Execution Tool That Demonstrates Various Techniques That Malware Uses

This utility focuses on shellcode injection techniques to demonstrate methods that malware may use to execute shellcode on a victim system Dynamically resolves API functions to evade IAT inclusion Includes usage of undocumented NT Windows API functions Supports local shellcode execution via...

FalconEye - Real-time detection software for Windows process injections

FalconEye is a windows endpoint detection software for real-time process injections. It is a kernel-mode driver that aims to catch process injections as they are happening real-time. Since FalconEye runs in kernel mode, it provides a stronger and reliable defense against process injection...

Staying Hidden on the Endpoint: Evading Detection with Shellcode

True red team assessments require a secondary objective of avoiding detection. Part of the glory of a successful red team assessment is not getting detected by anything or anyone on the system. As modern Endpoint Detection and Response EDR products have matured over the years, the red teams must...

Published some of Ring3 at the end of the process of skill-vulnerability warning-the black bar safety net

In response to the XHR call, in 2 0 0 8 年 5 月 5, re-finishing, and some new skills. 2 0 0 8 years 7 months 1 3 to increase a skill. All of OpenProcess/ZwOpenProcess/OpenThread/ZwOpenThread can replace the ZwQuerySystemInformation-ZwOpenProcess-ZwDuplicateObject it. Specific is why your own...