Skip to content
View VirtualAlllocEx's full-sized avatar
🏠
Working from home
🏠
Working from home

Sponsoring

@BC-SECURITY
@SaadAhla
@S3cur3Th1sSh1t
@fin3ss3g0d

Highlights

  • Pro

Block or report VirtualAlllocEx

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Popular repositories Loading

  1. DEFCON-31-Syscalls-Workshop DEFCON-31-Syscalls-Workshop Public

    Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".

    C 632 93

  2. Payload-Download-Cradles Payload-Download-Cradles Public

    This are different types of download cradles which should be an inspiration to play and create new download cradles to bypass AV/EPP/EDR in context of download cradle detections.

    PowerShell 258 51

  3. Create-Thread-Shellcode-Fetcher Create-Thread-Shellcode-Fetcher Public

    This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and download and execute your C2-shellcode which is hosted on your (…

    C++ 246 51

  4. Direct-Syscalls-vs-Indirect-Syscalls Direct-Syscalls-vs-Indirect-Syscalls Public

    The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls

    C 164 22

  5. Direct-Syscalls-A-journey-from-high-to-low Direct-Syscalls-A-journey-from-high-to-low Public

    Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).

    C 128 20

  6. Taskschedule-Persistence-Download-Cradles Taskschedule-Persistence-Download-Cradles Public

    Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged

    HTML 86 22