0xflux / Hells-HollowLinks
Hells Hollow Windows 11 Rootkit technique to Hook the SSDT via Alt Syscalls
☆81Updated this week
Alternatives and similar repositories for Hells-Hollow
Users that are interested in Hells-Hollow are comparing it to the libraries listed below
Sorting:
- Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.☆92Updated 5 months ago
- find dll base addresses without PEB WALK☆138Updated 2 weeks ago
- Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar☆130Updated 11 months ago
- A COFF Loader written in Rust☆117Updated 2 weeks ago
- A reflective DLL development template for the Rust programming language☆105Updated 2 months ago
- Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…☆186Updated last month
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆65Updated 3 months ago
- Exploiting the KsecDD Windows driver through Server Silos☆72Updated 8 months ago
- a demo module for the kaine agent to execute and inject assembly modules☆39Updated 11 months ago
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆53Updated 6 months ago
- XOR decrypting shellcode using the GPU with OpenCL.☆100Updated 2 months ago
- shell code example☆60Updated 2 months ago
- ☆100Updated last year
- LKM rootkit for modern kernels, with DNS C2 and a simple web interface☆72Updated 3 weeks ago
- ☆87Updated 11 months ago
- kernel-mode DLL Injector☆96Updated 3 months ago
- Slides for COM Hijacking AV/EDR Talk on 38c3☆74Updated 7 months ago
- Linker for Beacon Object Files☆122Updated 2 weeks ago
- ForsHops☆55Updated 4 months ago
- Activation cache poisoning to elevate from medium to high integrity (CVE-2024-6769)☆72Updated 10 months ago
- Locate dlls and function addresses without PEB Walk and EAT parsing☆70Updated 2 weeks ago
- Dynamically invoke arbitrary code and use various tricks written idiomatically in Rust (Dinvoke)☆86Updated 3 weeks ago
- A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …☆49Updated 6 months ago
- A Rust port of LayeredSyscall — performs indirect syscalls while generating legitimate API call stack frames by abusing VEH.☆152Updated 9 months ago
- An Obfuscator-LLVM based mingw-w64 toolchain.☆40Updated 3 years ago
- Shellcode Loader Utilizing ETW Events☆63Updated 5 months ago
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution☆42Updated last year
- Shellcode loader that executes embedded Lua from Rust.☆116Updated 7 months ago
- In-memory hiding technique☆56Updated 6 months ago
- A modern Rust implementation of the original Stardust project, providing a sophisticated 32/64-bit shellcode template that features posit…☆57Updated 4 months ago