Add: hlldz/RefleXXion to Defense Evasion section

pe3zx 2022-01-26 15:34:17 +07:00
parent 449ed1a563
commit a00b0de543


@ -1320,6 +1320,10 @@ Some tools can be categorized in more than one category. But because the current
<td><a href="https://github.com/hlldz/Invoke-Phant0m">hlldz/Invoke-Phant0m</a></td> <td><a href="https://github.com/hlldz/Invoke-Phant0m">hlldz/Invoke-Phant0m</a></td>
<td>Windows Event Log Killer</td> <td>Windows Event Log Killer</td>
</tr> </tr>
<tr>
<td><a href="https://github.com/hlldz/RefleXXion">hlldz/RefleXXion</a></td>
<td>RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection found in the LdrpThunkSignature array.</td>
</tr>
<tr> <tr>
<td><a href="https://github.com/huntresslabs/evading-autoruns">huntresslabs/evading-autoruns</a></td> <td><a href="https://github.com/huntresslabs/evading-autoruns">huntresslabs/evading-autoruns</a></td>
<td>Slides and reference material from Evading Autoruns presentation at DerbyCon 7 (September 2017)</td> <td>Slides and reference material from Evading Autoruns presentation at DerbyCon 7 (September 2017)</td>
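Review bot: The description cell added for hlldz/RefleXXion stops partway through the tool's procedure: it says "it first collects the syscall numbers of the NtOpenFile, NtCreateSection, NtOpenSection and NtMapViewOfSection" and then ends, so the "first" has no follow-up step. The cell is also much longer than the neighbouring one-line descriptions such as "Windows Event Log Killer". Suggest keeping only the opening sentence, "RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc.", which matches the table's style and leaves the internals to the linked repository. The row's placement between hlldz/Invoke-Phant0m and huntresslabs/evading-autoruns keeps the alphabetical order, so no change is needed there.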