0xlane / com-process-inject
Process Injection via Component Object Model (COM) IRundown::DoCallback().
☆57Updated 2 years ago
Alternatives and similar repositories for com-process-inject:
Users that are interested in com-process-inject are comparing it to the libraries listed below
- ProcessGhosting 技术的 rust 实现版本☆25Updated 4 months ago
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆109Updated last year
- Windows API Call Obfuscation☆99Updated 2 years ago
- 整合Pluto-Obfuscator和goron部分混淆,移植到LLVM-16.0.x,使用NewPassManager☆121Updated last year
- IDA Python script for generating Windows x86 shellcode with one click☆36Updated last year
- Kill Protected Process Light Process (include av)☆56Updated last year
- shellcode-loaders and beacon-loaders☆64Updated last year
- An implementation of an indirect system call☆120Updated last year
- PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)☆103Updated 3 years ago
- DLL 转发工具方法。☆51Updated last year
- Heaven's Gate implementation in C for constructing x64 Win32 API call in x86 WoW64 processes.☆69Updated 3 years ago
- Proof of concept code for thread pool based process injection in Windows.☆115Updated 3 months ago
- 简单安排一下 autochk.sys 这个rootkit☆71Updated 2 years ago
- ☆30Updated last year
- Call NtCreateUserProcess directly as normal.☆68Updated 2 years ago
- shellcode生成框架☆83Updated 7 months ago
- out-of-tree llvm obfuscation pass plugin (dynamically loadable by rustc). || rust toolchain with obfuscation llvm pass.☆109Updated 8 months ago
- ☆190Updated 2 years ago
- Windows Defender VDM lua collections☆47Updated 2 years ago
- Windows Kernel Knowledge && Collect Resources on the wire && Nothing innovation by myself &&☆56Updated 2 months ago
- Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique☆62Updated 2 years ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆116Updated last year
- Create a new thread that will suspend every thread and encrypt its stack, then going to sleep , then decrypt the stacks and resume thread…☆159Updated last year
- A cross-platform rust no-std library for verifying and extracting signature information from PE files.☆49Updated 3 months ago
- Load static-compiled PE from remote server.☆59Updated 3 years ago
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process☆95Updated 2 years ago
- Convert PE files to a shellcode☆74Updated 4 years ago
- Implementation of Advanced Module Stomping and Heap/Stack Encryption☆214Updated last year
- Shellcode implementation of Reflective DLL Injection by Golang. Convert DLLs to position independent shellcode☆58Updated 3 years ago