 injectEtwBypass
 ETW bypass tool
Tool to bypass the ETW (Event Tracing for Windows) security measure in remote processes by injecting a custom syscall
CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
276 stars
 7 watching
 55 forks
 
Language: C 
Last commit: about 4 years ago

Related projects:

| Repository | Description | Stars | 
|---|---|---|
|  | A tool that bypasses AMSI in a remote process with code injection. | 377 | 
|  | A Cobalt Strike Beacon Object File (BOF) that uses custom syscaller code to make direct system calls to retrieve process information on the target system. | 95 | 
|  | A Cobalt Strike Beacon tool that spawns a sacrificial process to execute shellcode, using techniques like Arbitrary Code Guard and PPID spoofing to evade detection. | 440 | 
|  | A tool that enables remote process shellcode execution using the Early Bird injection technique | 267 | 
|  | A tool that bypasses UAC restrictions on Windows by deserializing and executing malicious code in Event Viewer. | 129 | 
|  | Loads and executes a malicious payload in a Windows system using PowerShell. | 245 | 
|  | Tools and techniques to bypass Windows UAC restrictions on executable files by utilizing DCOM objects | 119 | 
|  | A tool for creating shellcode bypasses of antivirus software | 823 | 
|  | A centralized resource for bypassing Windows Device Guard Application Whitelisting (WDAC) policies. | 489 | 
|  | An extension that automatically adds headers to Burp requests to bypass certain Web Application Firewall products. | 330 | 
|  | An aggressor script that allows Cobalt Strike to perform process injection and persistence by leveraging direct syscalls to bypass EDR/AV systems. | 229 | 
|  | A collection of tools and techniques for exploiting vulnerabilities in software applications. | 17 | 
|  | A comprehensive collection of tools and techniques for web application security testing and exploitation | 61,904 | 
|  | A tool that injects malicious code into the clipboard window of a remote process to execute custom shellcode | 65 | 
|  | A technique to bypass Windows UAC security restrictions using a DLL planting method for executing malicious code in high integrity processes. | 190 |