PowerHook: hooking the KPRCB IdlePreselect function to gain execution inside PID 0 (the System Idle Process).
☆73 · Apr 13, 2025 · Updated 10 months ago

Alternatives and similar repositories for PowerHook
Users that are interested in PowerHook are comparing it to the repositories listed below.
- ☆53 · Mar 26, 2025 · Updated 11 months ago
- Playing around with Thread Context Hijacking. Building more evasive primitives to use as an alternative to existing process injection techn… ☆199 · Jun 17, 2025 · Updated 8 months ago
- Virtual Trust Level (VTL 1) secure call tracing ☆102 · Feb 12, 2026 · Updated 2 weeks ago
- BOF to decrypt Signal Desktop chat logs ☆71 · Feb 20, 2025 · Updated last year
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio… ☆81 · Jun 21, 2025 · Updated 8 months ago
- Beacon Object File (BOF) to obtain Entra tokens via the authcode flow. ☆123 · Jan 17, 2026 · Updated last month
- Blog/Journal on how to backdoor VSCode extensions ☆76 · Updated this week
- A lexer and parser for Sleep ☆20 · Feb 20, 2026 · Updated last week
- Vectored Exception Handling Squared ☆29 · Dec 27, 2025 · Updated 2 months ago
- DLL injection through code page ID modification in the registry. Based on Jonas Lykk's research ☆17 · Jun 18, 2022 · Updated 3 years ago
- Exploiting the KsecDD Windows driver through Server Silos ☆76 · Nov 11, 2024 · Updated last year
- Mentally ill EtwTi parser ☆68 · Jan 11, 2026 · Updated last month
- A BOF that suspends non-GUI threads for a target process or resumes them, resulting in stealthy process silencing. ☆57 · Apr 14, 2025 · Updated 10 months ago
- Finding Truth in the Shadows ☆123 · Jan 26, 2023 · Updated 3 years ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (the first remote enumeration & Fiber injection capability POC tool), Phan… ☆281 · Sep 18, 2024 · Updated last year
- An example reference design for a proposed BOF PE ☆200 · Jan 23, 2026 · Updated last month
- ☆31 · Feb 28, 2025 · Updated last year
- Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1 ☆76 · Sep 8, 2025 · Updated 5 months ago
- Admin-to-kernel code execution using the KSecDD driver ☆265 · Apr 19, 2024 · Updated last year
- Rewrite and obfuscate code in compiled binaries ☆273 · Dec 13, 2025 · Updated 2 months ago
- Windows rootkit designed to work with BYOVD exploits ☆216 · Jan 18, 2025 · Updated last year
- Create stealthy, inline, EPT-like hooks using SMAP and SMEP ☆61 · Oct 19, 2024 · Updated last year
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections ☆169 · May 17, 2023 · Updated 2 years ago
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader. ☆281 · Apr 6, 2025 · Updated 10 months ago
- Dump protected process memory by using BYOVD to tamper with handle objects in the kernel. ☆38 · Aug 5, 2025 · Updated 6 months ago
- ForsHops ☆152 · Mar 25, 2025 · Updated 11 months ago
- Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options ☆158 · Mar 26, 2025 · Updated 11 months ago
- A set of programs for analyzing common vulnerabilities in COM ☆248 · Sep 8, 2024 · Updated last year
- Shellcode example ☆68 · Dec 12, 2025 · Updated 2 months ago
- ☆124 · May 12, 2021 · Updated 4 years ago
- This technique leverages PowerShell's .NET interop layer and COM automation to achieve stealthy command execution by abusing implicit typ… ☆52 · May 16, 2025 · Updated 9 months ago
- A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and … ☆334 · Mar 6, 2025 · Updated 11 months ago
- A basic implementation of Patch Guard that I implemented, which includes integrity checks and other protection mechanisms I added. ☆78 · Mar 29, 2025 · Updated 11 months ago
- Process injection alternative ☆406 · Sep 6, 2024 · Updated last year
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH ☆137 · Aug 31, 2025 · Updated 6 months ago
- ntoskrnl .data hooks for UM-KM communication ☆54 · May 26, 2024 · Updated last year
- ☆36 · Nov 8, 2024 · Updated last year
- Slides for the COM Hijacking AV/EDR talk at 38C3 ☆75 · Jan 3, 2025 · Updated last year
- Early Bird Cryo Injections – APC-based DLL & shellcode injection via pre-frozen Job Objects ☆137 · Apr 6, 2025 · Updated 10 months ago