LloydLabs

🥸

CrowdStrikeLondon

Pinned Repositories

dearg-thread-ipc-stealth
A novel technique to communicate between threads using the standard ETHREAD structure
Language:C109 8 022
delete-self-poc
A way to delete a locked file, or current running executable, on disk.
Language:C501 18 391
elf-strings
elf-strings will programmatically read an ELF binary's string sections within a given binary. This is meant to be much like the strings UNIX utility, however is purpose built for ELF binaries.
Language:Go139 6 016
go-malwarebazaar
MalwareBazaar public API bindings for Go
Language:Go7 3 05
librini
Rini is a tiny, non-libc dependant, .ini file parser programmed from scratch in C99.
Language:C30 5 25
ntqueueapcthreadex-ntdll-gadget-injection
This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.
Language:C231 5 232
process-enumeration-stealth
Language:C76 5 112
shellcode-plain-sight
Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak
Language:C174 6 029
Windows-API-Hashing
This is a simple example and explanation of obfuscating API resolution via hashing
Language:C228 11 137
wsb-detect
wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB")
Language:C353 14 145

LloydLabs's Repositories

LloydLabs/delete-self-poc
A way to delete a locked file, or current running executable, on disk.
Language:C501 18 391
LloydLabs/wsb-detect
wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB")
Language:C353 14 145
LloydLabs/ntqueueapcthreadex-ntdll-gadget-injection
This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.
Language:C231 5 232
LloydLabs/Windows-API-Hashing
This is a simple example and explanation of obfuscating API resolution via hashing
Language:C228 11 137
LloydLabs/shellcode-plain-sight
Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak
Language:C174 6 029
LloydLabs/elf-strings
elf-strings will programmatically read an ELF binary's string sections within a given binary. This is meant to be much like the strings UNIX utility, however is purpose built for ELF binaries.
Language:Go139 6 016
LloydLabs/dearg-thread-ipc-stealth
A novel technique to communicate between threads using the standard ETHREAD structure
Language:C109 8 022
LloydLabs/process-enumeration-stealth
Language:C76 5 112
LloydLabs/librini
Rini is a tiny, non-libc dependant, .ini file parser programmed from scratch in C99.
Language:C30 5 25
LloydLabs/go-malwarebazaar
MalwareBazaar public API bindings for Go
Language:Go7 3 05
LloydLabs/sgrm-research
Repository to compliment my blog post on System Guard Runtime Monitor
Language:Lua5 2 00
LloydLabs/pafish-macos
A macOS pafish-like port to detect analysis/virtual environments
1 3 0
LloydLabs/pefile
pefile is a Python module to read and work with PE (Portable Executable) files
Language:Python1 1 01
LloydLabs/yara
The pattern matching swiss knife
Language:C1 1 0

LloydLabs

Pinned Repositories

dearg-thread-ipc-stealth

delete-self-poc

elf-strings

go-malwarebazaar

librini

ntqueueapcthreadex-ntdll-gadget-injection

process-enumeration-stealth

shellcode-plain-sight

Windows-API-Hashing

wsb-detect

LloydLabs's Repositories

LloydLabs/delete-self-poc

LloydLabs/wsb-detect

LloydLabs/ntqueueapcthreadex-ntdll-gadget-injection

LloydLabs/Windows-API-Hashing

LloydLabs/shellcode-plain-sight

LloydLabs/elf-strings

LloydLabs/dearg-thread-ipc-stealth

LloydLabs/process-enumeration-stealth

LloydLabs/librini

LloydLabs/go-malwarebazaar

LloydLabs/sgrm-research

LloydLabs/pafish-macos

LloydLabs/pefile

LloydLabs/yara