Template-Driven AV/EDR Evasion Framework

Multilayered AV/EDR Evasion Framework (no longer actively maintained)

Centralized resource for listing and organizing known injection techniques and POCs

PE Injection、DLL Injection、Process Injection、Thread Injection、Code Injection、Shellcode Injection、ELF Injection、Dylib Injection, including 400+Tools and 350+posts

PE loader with various shellcode injection techniques

Materials for the workshop "Red Team Ops: Havoc 101"

🐟 PoC of a VBA macro spawning a process with a spoofed parent and command line.

Detects process injection and memory manipulation used by malware. Finds RWX regions, shellcode patterns, API hooks, thread hijacking, and process hollowing. Built in Rust for speed. Includes CLI and TUI interfaces.

Some DLL Injection techniques in C++ implemented for both x86 and x64 windows OS processes

This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.

A C# DLL injection library

A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFucntion033 NtApi and No new thread via Fiber

An open-source process injection enumeration tool written in C#

A dynamic unpacking tool

Kernel Security driver used to block past, current and future process injection techniques on Windows Operating System.

Shellcode loader written in C and Assembly utilizing direct or indirect syscalls to evade UM EDR hooks

Shellcode obfuscation tool to avoid AV/EDR.

simple shellcode injector

Purple-team telemetry & simulation toolkit.

Process Injection Techniques with Golang