BlackHat-Ashura / Process_GhostingLinks
Process Ghosting is a technique in which a process is created from a delete pending file. This means the created process is not backed by a file. This is an evasion technique.
☆16Updated last year
Alternatives and similar repositories for Process_Ghosting
Users that are interested in Process_Ghosting are comparing it to the libraries listed below
Sorting:
- havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets☆42Updated last year
- API Hammering with C++20☆49Updated 3 years ago
- ☆30Updated 4 months ago
- Process Injection: APC Injection☆32Updated 4 years ago
- An example of COM hijacking using a proxy DLL.☆42Updated 4 years ago
- Small tool to play with IOCs caused by Imageload events☆43Updated 2 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆36Updated 3 years ago
- Bypass UAC elevation on Windows 8 (build 9600) & above.☆57Updated 3 years ago
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…☆26Updated 8 months ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated 2 years ago
- idk man this was the default github name�☆35Updated 2 years ago
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆45Updated 2 years ago
- ☆38Updated 2 years ago
- A C implementation of the Sektor7 "A Thief" Windows privesc technique.☆69Updated 3 years ago
- Various methods of executing shellcode☆73Updated 2 years ago
- ☆25Updated last year
- Repository of Microsoft Driver Block Lists based off of OS-builds☆42Updated last year
- A proof-of-concept created for academic/learning purposes, demonstrating both local and remote use of VSTO "Add-In's" maliciously☆31Updated 2 years ago
- really ?☆12Updated last year
- improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys☆49Updated 2 years ago
- A simple Linux in-memory .so loader☆33Updated 2 years ago
- Hooked create process injection for meterpreter☆23Updated 4 years ago
- ☆59Updated 3 years ago
- Swiss army knife for payload encryption and obfuscation☆25Updated last year
- the Open Source and Pure C++ Packer for eXecutables☆21Updated 2 years ago
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆27Updated 2 years ago
- ☆88Updated last year
- A simple PE loader.☆27Updated 3 years ago
- Callstack spoofing using a VEH because VEH all the things.☆23Updated 9 months ago
- A repository filled with ideas to break/detect direct syscall techniques☆27Updated 3 years ago