LloydLabs

🥸

CrowdStrikeLondon

Pinned Repositories

dearg-thread-ipc-stealth
A novel technique to communicate between threads using the standard ETHREAD structure
Language:C101 8 022
delete-self-poc
A way to delete a locked file, or current running executable, on disk.
Language:C479 18 386
elf-strings
elf-strings will programmatically read an ELF binary's string sections within a given binary. This is meant to be much like the strings UNIX utility, however is purpose built for ELF binaries.
Language:Go139 6 017
go-malwarebazaar
MalwareBazaar public API bindings for Go
Language:Go8 3 05
librini
Rini is a tiny, non-libc dependant, .ini file parser programmed from scratch in C99.
Language:C29 5 24
ntqueueapcthreadex-ntdll-gadget-injection
This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.
Language:C225 4 233
process-enumeration-stealth
Language:C74 5 012
shellcode-plain-sight
Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak
Language:C163 6 028
Windows-API-Hashing
This is a simple example and explanation of obfuscating API resolution via hashing
Language:C223 10 138
wsb-detect
wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB")
Language:C346 14 149

LloydLabs's Repositories

LloydLabs/delete-self-poc
A way to delete a locked file, or current running executable, on disk.
Language:C479 18 386
LloydLabs/wsb-detect
wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB")
Language:C346 14 149
LloydLabs/ntqueueapcthreadex-ntdll-gadget-injection
This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.
Language:C225 4 233
LloydLabs/Windows-API-Hashing
This is a simple example and explanation of obfuscating API resolution via hashing
Language:C223 10 138
LloydLabs/shellcode-plain-sight
Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak
Language:C163 6 028
LloydLabs/elf-strings
elf-strings will programmatically read an ELF binary's string sections within a given binary. This is meant to be much like the strings UNIX utility, however is purpose built for ELF binaries.
Language:Go139 6 017
LloydLabs/dearg-thread-ipc-stealth
A novel technique to communicate between threads using the standard ETHREAD structure
Language:C101 8 022
LloydLabs/process-enumeration-stealth
Language:C74 5 012
LloydLabs/librini
Rini is a tiny, non-libc dependant, .ini file parser programmed from scratch in C99.
Language:C29 5 24
LloydLabs/go-malwarebazaar
MalwareBazaar public API bindings for Go
Language:Go8 3 05
LloydLabs/sgrm-research
Repository to compliment my blog post on System Guard Runtime Monitor
Language:Lua5 2 00
LloydLabs/pafish-macos
A macOS pafish-like port to detect analysis/virtual environments
1 3 0
LloydLabs/pefile
pefile is a Python module to read and work with PE (Portable Executable) files
Language:Python1 1 01
LloydLabs/yara
The pattern matching swiss knife
Language:C1 1 0

LloydLabs

Pinned Repositories

dearg-thread-ipc-stealth

delete-self-poc

elf-strings

go-malwarebazaar

librini

ntqueueapcthreadex-ntdll-gadget-injection

process-enumeration-stealth

shellcode-plain-sight

Windows-API-Hashing

wsb-detect

LloydLabs's Repositories

LloydLabs/delete-self-poc

LloydLabs/wsb-detect

LloydLabs/ntqueueapcthreadex-ntdll-gadget-injection

LloydLabs/Windows-API-Hashing

LloydLabs/shellcode-plain-sight

LloydLabs/elf-strings

LloydLabs/dearg-thread-ipc-stealth

LloydLabs/process-enumeration-stealth

LloydLabs/librini

LloydLabs/go-malwarebazaar

LloydLabs/sgrm-research

LloydLabs/pafish-macos

LloydLabs/pefile

LloydLabs/yara