Proof-of-Concept code snippets for a variety of different process injection techniques
☆23Feb 2, 2023Updated 3 years ago
Alternatives and similar repositories for ProcessInjectionPOCs
Users that are interested in ProcessInjectionPOCs are comparing it to the libraries listed below
Sorting:
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow☆18Jun 26, 2025Updated 8 months ago
- It's what all the kids are talking about☆12Apr 25, 2023Updated 2 years ago
- A logging ASKPASS binary☆29May 29, 2020Updated 5 years ago
- Process Hollowing in Rust with Process Executable Relocation Support for both 32 and 64 bit architecture environments.☆22Jan 6, 2025Updated last year
- A nim port of C5pider's Ekko project.☆17Oct 1, 2022Updated 3 years ago
- The code I write in my blog☆80Feb 21, 2026Updated last week
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆117Jan 20, 2025Updated last year
- Standalone Go implementation of Metasploit's "db_nmap" and "db_import" commands.☆19Nov 6, 2024Updated last year
- Docker container for running CobaltStrike 4.7 and above☆24Mar 20, 2025Updated 11 months ago
- A small example of loading BOFs in Python with pure reflection☆19Jan 26, 2023Updated 3 years ago
- Small utility package for manipulating Windows process tokens☆26Apr 26, 2022Updated 3 years ago
- Event Tracing for Windows EDR bypass in Rust (usermode)☆39Jun 9, 2024Updated last year
- Extracts TEXT section of a PE, ELF, or Mach-O executable to shellcode☆105May 5, 2023Updated 2 years ago
- Shikata ga nai (仕方がない) encoder ported into go with several improvements☆31Jan 28, 2026Updated last month
- Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies☆50Jul 6, 2025Updated 8 months ago
- ICMP scan all hosts across a given subnet in Go (golang)☆28Jan 24, 2026Updated last month
- use python on windows with full submodule support without installation☆30Jan 23, 2025Updated last year
- A client library to interact with Windows RPC services such as MS-SRVS and MS-RRP.☆75Feb 26, 2026Updated last week
- Resolve WinAPI func. Custom GetProcAddress and GetModuleHandle written in Nim☆32Jun 2, 2021Updated 4 years ago
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆30Jan 30, 2025Updated last year
- Command line & PPID spoofing☆29Apr 15, 2023Updated 2 years ago
- ShellcodeFluctuation PoC ported to Nim☆79Oct 14, 2022Updated 3 years ago
- Test AMSI Provider implementation in C#☆42Dec 18, 2024Updated last year
- A go package to process ARP, ICMP, DHCP and notify when mac is online or offline.☆33Feb 4, 2025Updated last year
- Golang version of https://github.com/hasherezade/libpeconv☆29Jan 31, 2020Updated 6 years ago
- 💻 Windows 10 Kernel-mode rootkit☆32Sep 3, 2022Updated 3 years ago
- A Rust crate for parsing Windows user minidumps.☆41May 1, 2024Updated last year
- Parse SDDL strings☆37Apr 1, 2024Updated last year
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆167Sep 22, 2025Updated 5 months ago
- A Lua module made to solve for the roots of quadratic, cubic and quartic functions.☆12Nov 12, 2019Updated 6 years ago
- A cross-platform tool to parse and describe the contents of a raw ntSecurityDescriptor structure☆47Oct 4, 2025Updated 5 months ago
- Matryoshka loader is a tool that red team operators can leverage to generate shellcode for Microsoft Office document phishing payloads.☆43May 24, 2021Updated 4 years ago
- A collection of FreeBSD rootkit kernel modules and utilities☆13Jun 25, 2025Updated 8 months ago
- A large collection of blogs 🦐☆13Apr 12, 2025Updated 10 months ago
- WinDbg plugin to trace module transitions from a debugged driver.☆40Dec 22, 2025Updated 2 months ago
- Fancy Lighting Mod for Terraria☆15Feb 3, 2026Updated last month
- A simple Arduino Library to send message on Discord using webhook☆14Feb 25, 2025Updated last year
- This repository contains a collection of scripts I use regularly for offensive security-related tasks.☆15Jan 17, 2026Updated last month
- A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …☆50Jan 25, 2025Updated last year