0xpat / COFFInjector
PoC MSVC COFF Object file loader/injector.
☆171Updated 4 years ago
Alternatives and similar repositories for COFFInjector:
Users that are interested in COFFInjector are comparing it to the libraries listed below
- GhostWriting Injection Technique.☆168Updated 7 years ago
- Evasive Process Hollowing Techniques☆137Updated 4 years ago
- Experiment on reproducing Obfuscate & Sleep☆143Updated 4 years ago
- Project to check which Nt/Zw functions your local EDR is hooking☆183Updated 4 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memory☆157Updated 4 years ago
- A small PoC that creates processes in Windows☆176Updated 9 months ago
- ☆162Updated 3 years ago
- ☆136Updated 2 years ago
- Example code for EDR bypassing☆150Updated 6 years ago
- WTSRM☆209Updated 2 years ago
- The code is a pingback to the Dark Vortex blog:☆174Updated 2 years ago
- A PoC implementation for dynamically masking call stacks with timers.☆270Updated 2 years ago
- Code used in this post https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html☆120Updated 2 years ago
- Detect strange memory regions and DLLs☆179Updated 3 years ago
- Beacon Object File (BOF) for remote process injection via thread hijacking☆208Updated 4 years ago
- Load and execute COFF files and Cobalt Strike BOFs in-memory☆214Updated 2 years ago
- ☆112Updated 2 years ago
- Files for http://blog.deniable.org/posts/windows-callbacks/☆72Updated 3 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆122Updated 2 years ago
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆213Updated 2 years ago
- ☆95Updated 2 years ago
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)☆186Updated last year
- Overwrite a process's recovery callback and execute with WER☆103Updated 2 years ago
- ☆195Updated 4 years ago
- Silence EDRs by removing kernel callbacks☆229Updated 4 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆133Updated 2 years ago
- miscellaneous scripts and programs☆236Updated 2 months ago
- ☆69Updated last month
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆83Updated 2 years ago
- https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/☆119Updated 5 years ago