- TM. Codepulze
- Mem
-
Ebyte-amsi-patchless-vehhwbp Public
Patchless AMSI bypass using hardware breakpoints and a vectored exception handler to intercept AmsiScanBuffer and AmsiScanString before they execute. The bypass reads the 5th parameter (the AMSI re…
-
AntiDebugEP Public
Anti-debug tool that detects INT3 breakpoints at the program’s entry point using a TLS callback
-
HandleHijacker Public
HandleHijacker is a low-level Windows utility written in Go that lets you inspect running processes, extract files that processes have open, and optionally close handles to those files, that lets u…
-
ExitPatcher Public
Prevent in-process process termination by patching exit APIs
-
NoMoreStealers Public
NoMoreStealers is a Windows file system minifilter driver that protects sensitive user data from untrusted processes.
-
Ebyte-Syscalls Public
Obfuscating function calls using Vectored Exception Handlers by redirecting execution through exception-based control flow. Uses byte swapping without memory or assembly allocation.
-
Detecting-Indirect-Syscalls Public
Detection of indirect syscall techniques using hardware breakpoints and vectored exception handling.
-
VK-Api-Amsi-Bypass Public
The Vulkan loader vulkan-1.dll has internal trampoline functions that perform checksum validation before executing callbacks. Let's use that for our usage.
-
GoDefender Public
Anti Virtualization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package. Windows ONLY.
-
CMD-Arg-Spoof Public
Manipulate the PEB and patch CmdArgs - RTL_USER_PROCESS_PARAMETERS.
-
TaskMgr-Troll Public
Troll TaskManager, and play with it.
-
Ebyte-Go-Morpher Public
Ebyte-Go-Morpher is a Go program that parses, analyzes, and rewrites Go source code to apply multiple layers of obfuscation. It operates directly on the Go Abstract Syntax Tree (AST) and generates …
-
Ebyte-ETW-Redirector Public
A lightweight tool that injects a custom assembly proxy into a target process to silently bypass ETW scanning by redirecting ETW calls to custom proxy.
-
Nyx-Full-Dll-Unhook Public
(EDR) DLL Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.
-
Ebyte-AMSI-ProxyInjector Public
A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuffer calls. It suspends the target’s threads, patches the fun…
-
EByte-Pattern-AmsiPatch Public
Pattern-based AMSI bypass that patches AMSI.dll in memory by modifying comparison values, conditional jumps, and function prologues to neutralize malware scanning without modifying any files on disk.
-
EvilByte-Remote-AMSI-Bypass Public
Bypasses AMSI protection through remote memory patching and parsing technique.
-
PhantomDelay Public
PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified number of seconds.
-
EByte-Ransomware Public
Go ransomware leveraging ChaCha20 and ECIES encryption with a web-based control panel.
-
GoRedOps Public
🦫 | GoRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Go programming language, all is made for educati…
-
Lifetime-Amsi-EtwPatch Public
Two in one, patch lifetime PowerShell console, no more ETW and AMSI!
-
PayloadCrypter Public
Go Based Crypter That Can Bypass Any Kind Of Antivirus Product; payload crypter supports over 4 programming languages.
-
PyDefender Public
Anti Virtualization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package.
-
Shellcode-Loader Public
This is a way to load shellcode and obfuscate it, so it avoids scantime detection.
-
ThunderKitty-Ransomware Public
Ransomware written in Go, encrypt - decrypt.
-
ThunderKitty Public
🔑 Open source stealer written in Go, all logs will be sent to Telegram bot.
-
veh-syscalls-shellcode Public
NFS
-
Staged-Shellcode-Loader Public
Because it was leaked, enjoy. Use with donut.



