0xvm

FFFF0800`00000000

Pinned Repositories

0xvm.github.io
Language:CSS0 1 00
AMSIBypass.cs
yet another amsi.dll
Language:C#3 3 00
csharp_reverse_shell
c# reverse shell poc
Language:C#26 5 012
DInjector
Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL
Language:C#1 0 00
DLL_keylog
win64 keylogger compiled as dll
Language:C++4 3 05
EDRs
Language:C1 0 00
MaldevAcademyLdr.1
Language:C1 0 00
riscy-business
RISC-V Virtual Machine
Language:C1 0 00
SyscallPack
BOF and Shellcode for full DLL unhooking using dynamic syscalls
Language:C3 0 00
TokenPlayer
Manipulating and Abusing Windows Access Tokens.
Language:C++1 2 01

0xvm's Repositories

0xvm/SyscallPack
BOF and Shellcode for full DLL unhooking using dynamic syscalls
Language:C3 0 00
0xvm/DInjector
Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL
Language:C#1 0 00
0xvm/EDRs
Language:C1 0 00
0xvm/MaldevAcademyLdr.1
Language:C1 0 00
0xvm/riscy-business
RISC-V Virtual Machine
Language:C1 0 00
0xvm/0xvm.github.io
Language:CSS0 1 00
0xvm/acheron
indirect syscalls for AV/EDR evasion in Go assembly
Language:Assembly0 0 00
0xvm/APCLdr
Payload Loader With Evasion Features
Language:C0 0 00
0xvm/AtomLdr
A DLL loader with advanced evasive features
Language:C0 0
0xvm/c_syscalls
Single stub direct and indirect syscalling with runtime SSN resolving for windows.
Language:C0 0
0xvm/CallBack
Execute Mimikatz in shellcode format, uses native API VirtualAlloc and EnumSystemGeoID
Language:C#0 0
0xvm/concealed_code_execution
Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows
Language:C0 0
0xvm/goffloader
A Go implementation of Cobalt Strike style BOF/COFF loaders.
Language:Go0 0
0xvm/hwbp4mw
Language:C++0 0
0xvm/ImmoralFiber
Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) PhantomThread (An evolved callstack-masking implementation)
Language:C++0 0
0xvm/impacket-static-binaries
Impacket static binaries, because you never know when you'll need them.
Language:Python1 0
0xvm/inteloops
Exploits Intel's signed iqvw64e.sys driver to allow manual mapping and read/writing of memory at a kernel level.
Language:C++0 0
0xvm/Jlaive-1
Antivirus evasion tool (crypter) that converts executables into undetectable batch files.
Language:C#0 0
0xvm/KrbRelayUp
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
Language:C#0 0
0xvm/NtDumpBOF
Language:C0 0
0xvm/offensive_c
Language:C0 0
0xvm/OneBootloaderToLoadThemAll
One Bootloader to Load Them All - Research materials, Code , Etc.
Language:C0 0
0xvm/OSED-Notes
Some notes + exercises that I've done during my study for the Offensive Security Exploit Developer.
Language:Python0 0
0xvm/PatchlessInlineExecute-Assembly
Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
Language:C0 0
0xvm/PE-Obfuscator
PE obfuscator with Evasion in mind
Language:C0 0
0xvm/PINKPANTHER
Windows x64 handcrafted token stealing kernel-mode shellcode
Language:Assembly0 0
0xvm/process-cloning
The Definitive Guide To Process Cloning on Windows
Language:C0 0
0xvm/rustclr
Host CLR and run .NET binaries using Rust
0xvm/vs-shellcode
Shellcode template for visual studio
0 0
0xvm/WTSRM2
Language:C++0 0