Lloyd Davies

icon indicating a website link https://blog.syscall.party

icon location London icon location 🥸

Results 9 repositories owned by Lloyd Davies

elf-strings

139
Stars
17
Forks
Watchers

elf-strings will programmatically read an ELF binary's string sections within a given binary. This is meant to be much like the strings UNIX utility, however is purpose built for ELF binaries.

verified publisher icon LloydLabs

delete-self-poc

476
Stars
91
Forks
Watchers

A way to delete a locked file, or current running executable, on disk.

verified publisher icon LloydLabs

Windows-API-Hashing

222
Stars
38
Forks
Watchers

This is a simple example and explanation of obfuscating API resolution via hashing

verified publisher icon LloydLabs

wsb-detect

345
Stars
49
Forks
Watchers

wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB")

verified publisher icon LloydLabs

dearg-thread-ipc-stealth

102
Stars
22
Forks
Watchers

A novel technique to communicate between threads using the standard ETHREAD structure

verified publisher icon LloydLabs

librini

29
Stars
4
Forks
Watchers

Rini is a tiny, non-libc dependant, .ini file parser programmed from scratch in C99.

verified publisher icon LloydLabs

process-enumeration-stealth

68
Stars
11
Forks
Watchers

verified publisher icon LloydLabs

ntqueueapcthreadex-ntdll-gadget-injection

223
Stars
33
Forks
Watchers

This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.

verified publisher icon LloydLabs

shellcode-plain-sight

161
Stars
28
Forks
Watchers

Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak

verified publisher icon LloydLabs