EvilBytecode 1 Repository
EvilBytecode/Evilbytecode
Size: 12.8 MB - Last synced at: 6 days ago - Pushed at: 6 days ago - Stars: 7 - Forks: 2
EvilBytecode/GoDefender
Anti Virtualization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package. Windows ONLY.
Language: Go - Size: 941 KB - Last synced at: 20 days ago - Pushed at: 2 months ago - Stars: 837 - Forks: 86
EvilBytecode/GhostVEH
Registers Vectored Exception Handlers by directly manipulating internal LdrpVectorHandlerList structure instead of calling RtlAddVectoredExceptionHandler.
Language: C++ - Size: 10.7 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 8 - Forks: 1
EvilBytecode/Ebyte-amsi-patchless-vehhwbp
Patchless AMSI bypass using hardware breakpoints and a vectored exception handler to intercept AmsiScanBuffer and AmsiScanString before they execute. The bypass reads the 5th parameter (the AMSI result pointer) from the untouched stack frame, forces a clean result, and returns to the caller without modifying AMSI code in memory.
Language: C++ - Size: 10.7 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 34 - Forks: 8
EvilBytecode/AntiDebugEP
Anti-debug tool that detects INT3 breakpoints at the program’s entry point using a TLS callback
Language: C++ - Size: 6.84 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 2 - Forks: 0
EvilBytecode/HandleHijacker
HandleHijacker is a low-level Windows utility written in Go that lets you inspect running processes, extract files that processes have open, and optionally close handles to those files, which lets us read the content of a locked file without terminating the process.
Language: Go - Size: 30.3 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 8 - Forks: 2
EvilBytecode/ExitPatcher
Prevent in-process process termination by patching exit APIs
Language: C++ - Size: 8.79 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 3 - Forks: 0
EvilBytecode/NoMoreStealers
FolderGuard is a Windows file system minifilter driver that protects sensitive user data from untrusted processes.
Language: HTML - Size: 16.3 MB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 14 - Forks: 1
EvilBytecode/Ebyte-Syscalls
Obfuscating function calls using Vectored Exception Handlers by redirecting execution through exception-based control flow. Uses byte swapping without memory or assembly allocation.
Language: C++ - Size: 21.5 KB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 37 - Forks: 6
EvilBytecode/Detecting-Indirect-Syscalls
Detection of indirect syscall techniques using hardware breakpoints and vectored exception handling.
Language: C++ - Size: 22.5 KB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 4 - Forks: 0
EvilBytecode/EDR-XDR-AV-Bypass-Shellcode-Loader
Bypassing Major EDRs with staged shellcode, custom getmodulehandleW and getprocaddress, veh syscalls & more.
Language: C - Size: 26.4 KB - Last synced at: 4 months ago - Pushed at: 10 months ago - Stars: 23 - Forks: 11
EvilBytecode/GoRedOps
🦫 | GoRedOps is a repository dedicated to gathering and sharing advanced techniques and offensive malware for Red Team, with a specific focus on the Go programming language. All is made for educational purposes only.
Language: Go - Size: 1.7 MB - Last synced at: 4 months ago - Pushed at: 10 months ago - Stars: 596 - Forks: 90
EvilBytecode/Evilbytecode-Shellcode-Go-Tactics
Multiple tactics to execute shellcode in Go :}
Language: Go - Size: 28.3 KB - Last synced at: about 2 months ago - Pushed at: 10 months ago - Stars: 23 - Forks: 3
EvilBytecode/VK-Api-Amsi-Bypass
The Vulkan loader vulkan-1.dll has internal trampoline functions that perform checksum validation before executing callbacks; let's use that for our usage.
Language: C++ - Size: 14.6 KB - Last synced at: 6 months ago - Pushed at: 6 months ago - Stars: 2 - Forks: 0
EvilBytecode/Lifetime-Amsi-EtwPatch
Two in one, patch lifetime powershell console, no more etw and amsi!
Language: Go - Size: 11.7 KB - Last synced at: 5 months ago - Pushed at: 10 months ago - Stars: 97 - Forks: 21
EvilBytecode/CMD-Arg-Spoof
Manipulate PEB, and patch CmdArgs - RTL_USER_PROCESS_PARAMETERS.
Language: C++ - Size: 14.6 KB - Last synced at: 6 months ago - Pushed at: 6 months ago - Stars: 4 - Forks: 0
EvilBytecode/TaskMgr-Troll
Troll TaskManager, and play with it.
Language: C++ - Size: 8.79 KB - Last synced at: 7 months ago - Pushed at: 7 months ago - Stars: 3 - Forks: 0
EvilBytecode/Powershell-Persistance
Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I do not take any responsibility for its use or any actions taken.
Language: Go - Size: 7.81 KB - Last synced at: 6 months ago - Pushed at: 10 months ago - Stars: 11 - Forks: 1
EvilBytecode/Ebyte-Go-Morpher
Ebyte-Go-Morpher is a Go program that parses, analyzes, and rewrites Go source code to apply multiple layers of obfuscation. It operates directly on the Go Abstract Syntax Tree (AST) and generates both obfuscated source files and runtime decryption logic.
Language: Go - Size: 19.5 KB - Last synced at: 7 months ago - Pushed at: 7 months ago - Stars: 4 - Forks: 0
EvilBytecode/PayloadCrypter
Go Based Crypter That Can Bypass Any Kinds Of Antivirus Products, payload crypter supports over 4 programming languages.
Language: Go - Size: 31.3 KB - Last synced at: 7 months ago - Pushed at: 10 months ago - Stars: 47 - Forks: 8
EvilBytecode/Ebyte-ETW-Redirector
A lightweight tool that injects a custom assembly proxy into a target process to silently bypass ETW scanning by redirecting ETW calls to custom proxy.
Language: C++ - Size: 9.77 KB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 2 - Forks: 0
EvilBytecode/PyDefender
Anti Virtualization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package.
Language: Python - Size: 320 KB - Last synced at: 9 months ago - Pushed at: 10 months ago - Stars: 55 - Forks: 10
EvilBytecode/Nyx-Full-Dll-Unhook
(EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.
Language: Go - Size: 40 KB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 31 - Forks: 7
EvilBytecode/Sryxen-Stealer-Paid-Source
Stealer in c++.
Language: C++ - Size: 572 KB - Last synced at: 9 months ago - Pushed at: 10 months ago - Stars: 39 - Forks: 29
EvilBytecode/veh-syscalls-shellcode
NFS
Size: 7.81 KB - Last synced at: 9 months ago - Pushed at: 10 months ago - Stars: 4 - Forks: 2
EvilBytecode/EDR-XDR-AV-Killer
Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver
Language: Go - Size: 110 KB - Last synced at: 9 months ago - Pushed at: 10 months ago - Stars: 273 - Forks: 54
EvilBytecode/Ebyte-AMSI-ProxyInjector
A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuffer calls. It suspends the target’s threads, patches the function to always return AMSI_RESULT_CLEAN without altering original bytes directly, ensuring stealthy AMSI bypass.
Language: C++ - Size: 18.6 KB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 1 - Forks: 0
EvilBytecode/EByte-Pattern-AmsiPatch
Pattern-based AMSI bypass that patches AMSI.dll in memory by modifying comparison values, conditional jumps, and function prologues to neutralize malware scanning without modifying any files on disk.
Language: C++ - Size: 8.79 KB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 2 - Forks: 0
EvilBytecode/Keylogger
Go keylogger for Windows, logging keyboard input to a file using Windows API functions, and it is released under the Unlicense.
Language: Go - Size: 16.6 KB - Last synced at: 6 months ago - Pushed at: 10 months ago - Stars: 25 - Forks: 5
EvilBytecode/CMD-Persistence
PoC, every time you launch cmd, notepad does as well (EXAMPLE PROCESS)
Language: Go - Size: 4.88 KB - Last synced at: 7 months ago - Pushed at: 10 months ago - Stars: 7 - Forks: 1
EvilBytecode/Cpp-Red-Ops
C++ Red Opsec, I'm making this because I want to learn more.
Language: C++ - Size: 3.91 KB - Last synced at: 7 months ago - Pushed at: 10 months ago - Stars: 5 - Forks: 2
EvilBytecode/EByte-Personal-Tools
Some personal tools I use sometimes when developing a Go-based grabber.
Language: Go - Size: 7.81 KB - Last synced at: 7 months ago - Pushed at: 10 months ago - Stars: 3 - Forks: 1
EvilBytecode/PPID-Spoofing
Parent Process ID Spoofing, coded in CGo.
Language: Go - Size: 6.84 KB - Last synced at: 8 months ago - Pushed at: 10 months ago - Stars: 22 - Forks: 5
EvilBytecode/EvilByte-Remote-AMSI-Bypass
Bypasses AMSI protection through remote memory patching and parsing technique.
Language: C++ - Size: 9.77 KB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 1 - Forks: 0
EvilBytecode/PhantomDelay
PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified number of seconds.
Language: C++ - Size: 0 Bytes - Last synced at: 10 months ago - Pushed at: 10 months ago - Stars: 0 - Forks: 0
EvilBytecode/Ntdll-Unhook
Unhook Ntdll.dll, Go & C++.
Language: C++ - Size: 8.79 KB - Last synced at: 9 months ago - Pushed at: 10 months ago - Stars: 22 - Forks: 3
EvilBytecode/CustomGetProcAdress
Workaround X86-X64 Golang example.
Language: Go - Size: 2.93 KB - Last synced at: 10 months ago - Pushed at: 10 months ago - Stars: 0 - Forks: 0
EvilBytecode/EByte-Ransomware
Go ransomware leveraging ChaCha20 and ECIES encryption with a web-based control panel.
Language: Go - Size: 44.9 KB - Last synced at: 10 months ago - Pushed at: 10 months ago - Stars: 29 - Forks: 8
EvilBytecode/ThunderKitty-Ransomware
Ransomware written in go, encrypt - decrypt.
Language: Go - Size: 1.95 MB - Last synced at: 10 months ago - Pushed at: 10 months ago - Stars: 20 - Forks: 3
EvilBytecode/ThunderKitty
🔑 Open source stealer written in Go, all logs will be sent to Telegram bot.
Language: Go - Size: 175 KB - Last synced at: 10 months ago - Pushed at: 10 months ago - Stars: 102 - Forks: 25
EvilBytecode/D-ntdll-unhook
a simple code to unhook ntdll lol.
Language: D - Size: 298 KB - Last synced at: 4 months ago - Pushed at: 10 months ago - Stars: 5 - Forks: 1
EvilBytecode/GolangStyle
GolangStyle, best looking go library.
Language: Go - Size: 22.5 KB - Last synced at: 4 months ago - Pushed at: 10 months ago - Stars: 13 - Forks: 2
EvilBytecode/RubyRedOps
💎 | RubyRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Ruby
Language: Ruby - Size: 145 KB - Last synced at: 10 months ago - Pushed at: over 1 year ago - Stars: 10 - Forks: 1
EvilBytecode/Eset-Unload
Eset-Unload is a C++ tool that interacts with a process's loaded modules to identify and unload the ebehmoni.dll module, typically found in ESET security software. It attempts to safely unload or manually load and unload the module.
Language: C++ - Size: 7.81 KB - Last synced at: 10 months ago - Pushed at: 10 months ago - Stars: 2 - Forks: 0
EvilBytecode/IATPhantom
IATPhantom dynamically loads and resolves functions from DLLs while hiding from the Import Address Table (IAT), making it invisible to common detection techniques.
Language: C - Size: 11.7 KB - Last synced at: 10 months ago - Pushed at: 10 months ago - Stars: 2 - Forks: 0
EvilBytecode/EByte-VBS-Obfuscator-Go
VBS-Obfuscator-GO is a Go-based tool designed for obfuscating VBScript (VBS) files. It transforms readable VBScript code into a less recognizable form by employing random variable names and encoding character values using mathematical operations. This helps protect scripts from casual inspection and modification.
Language: Go - Size: 7.81 KB - Last synced at: 10 months ago - Pushed at: over 1 year ago - Stars: 35 - Forks: 5
EvilBytecode/EByte-Shellcode-Loader
Shellcode loader that uses indirect syscalls, written in D Lang. The loader bypasses user-mode hooks by resolving system calls manually from NTDLL using a hash-based method.
Language: D - Size: 142 KB - Last synced at: 10 months ago - Pushed at: over 1 year ago - Stars: 9 - Forks: 1
EvilBytecode/SsnRetrieval
Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name, SSN, and address.
Language: Go - Size: 6.84 KB - Last synced at: 10 months ago - Pushed at: over 1 year ago - Stars: 11 - Forks: 1
EvilBytecode/Malwarebytes-Shutdowner
Kill Malwarebytes process. Can be ported to any programming language.
Language: Go - Size: 7.81 KB - Last synced at: 10 months ago - Pushed at: over 1 year ago - Stars: 8 - Forks: 2
EvilBytecode/Enable-All-Tokens
Enable-All-Tokens is a Go-based project designed to adjust and enable a list of specified privileges for the current process token on a Windows operating system. This project can be particularly useful for developers and system administrators who need to programmatically enable various system privileges for their applications.
Language: Go - Size: 5.86 KB - Last synced at: 10 months ago - Pushed at: over 1 year ago - Stars: 10 - Forks: 2
EvilBytecode/ETW-Patch
The code snippet provided demonstrates how to patch the EtwEventWrite function in the ntdll.dll library on Windows using CGO (C Go).
Language: Go - Size: 4.88 KB - Last synced at: 10 months ago - Pushed at: over 1 year ago - Stars: 8 - Forks: 1
EvilBytecode/Evil-Go
A malicious Golang Package
Language: Go - Size: 8.79 KB - Last synced at: 10 months ago - Pushed at: over 1 year ago - Stars: 14 - Forks: 2
EvilBytecode/GoEvilDocs
Malware development in Go, learn today, anti dynamic analysis & Static & sandboxes.
Size: 7.81 KB - Last synced at: 11 months ago - Pushed at: over 1 year ago - Stars: 11 - Forks: 2
EvilBytecode/Keyauth-Protected-App-Go
Keyauth-Protected-App-Go is a Go-based application that integrates with the KeyAuth API to provide secure user authentication. It comes with built-in anti-debugging and anti-DLL injection features to protect against reverse engineering and unauthorized modifications.
Language: Go - Size: 14.6 KB - Last synced at: 10 months ago - Pushed at: over 1 year ago - Stars: 7 - Forks: 1
EvilBytecode/Self-Run-PE
Self PE Injector in C++, using NtApi.
Language: C++ - Size: 7.81 KB - Last synced at: 10 months ago - Pushed at: over 1 year ago - Stars: 7 - Forks: 3
EvilBytecode/Bloxstrap-Persistance
Bloxstrap-Persistance modifies Bloxstrap's settings (Settings.json) to add persistent integrations, showcasing how applications can be exploited.
Language: Go - Size: 4.88 KB - Last synced at: 10 months ago - Pushed at: over 1 year ago - Stars: 7 - Forks: 1
EvilBytecode/PS2BAT
A Documentation for my module PS2BAT, it converts Powershell Scripts to Batchfile ones.
Language: PowerShell - Size: 11.7 KB - Last synced at: 10 months ago - Pushed at: over 1 year ago - Stars: 12 - Forks: 3
EvilBytecode/tria.ge-detection
detection for https://tria.ge / detect tria.ge / tria.ge detection / triage detection
Language: Go - Size: 7.81 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 0
EvilBytecode/RtlSetProcessIsCritical
Creating a process that is critical! Attempting to terminate it will trigger a BSOD (Blue Screen of Death). Below are scripts in various languages including PowerShell, C#, Visual Basic, Golang and Python, with potential for additional languages in the future!
Language: Go - Size: 22.5 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 0
EvilBytecode/AntiCrack-DotNet Fork of AdvDebug/AntiCrack-DotNet
C# Project contains plenty of Advanced Anti-Debugging, Anti-Virtualization, Anti Dll-Injection and Anti-Hooking Techniques.
Language: C# - Size: 124 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0
EvilBytecode/GoPulzeTerminator
Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes. coded in your beloved golang!
Language: Go - Size: 118 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 0
EvilBytecode/skuld Fork of hackirby/skuld
Next-Gen Stealer written in Go. Stealing from Discord, Chromium-Based & Firefox-Based Browsers, Crypto Wallets and more, from every user on every disk. (PoC. For educational purposes only)
Language: Go - Size: 724 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0
EvilBytecode/MD5-Hash-Spoofer
spoof md5 hash, evade avs.
Language: Go - Size: 1.95 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 0
EvilBytecode/Powershell-Token-Grabber Fork of ChildrenOfYahweh/Powershell-Token-Grabber
discord token grabber in powershell
Language: PowerShell - Size: 406 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0
EvilBytecode/empyrean Fork of addi00000/empyrean
Easy to use and open-source stealer that's super effective
Language: Python - Size: 3.24 MB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0
EvilBytecode/bypass.vip Fork of bypass-vip/bypass.vip
API usage for bypass.vip, adding more langs soon.
Language: C# - Size: 35.2 KB - Last synced at: about 2 years ago - Pushed at: about 2 years ago - Stars: 0 - Forks: 0