BlackHat-Ashura / Process_Ghosting
Process Ghosting is a technique in which a process is created from a delete pending file. This means the created process is not backed by a file. This is an evasion technique.
☆14Updated 6 months ago
Related projects ⓘ
Alternatives and complementary repositories for Process_Ghosting
- Red Team Operation's Defense Evasion Technique.☆51Updated 5 months ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆37Updated 10 months ago
- A method to execute shellcode using RegisterWaitForInputIdle API.☆51Updated last year
- ☆35Updated 2 weeks ago
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 2 years ago
- Collect Windows telemetry for Maldev☆36Updated this week
- API Hammering with C++20☆34Updated 2 years ago
- EvtPsst☆54Updated last year
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Updated 3 months ago
- A pure C version of SymProcAddress☆23Updated 7 months ago
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆32Updated last year
- ☆34Updated last year
- Section-based payload obfuscation technique for x64☆58Updated 3 months ago
- This project is an EDRSandblast fork, adding some features and custom pieces of code.☆20Updated last year
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…☆21Updated last month
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated last year
- miscellaneous codes☆35Updated last year
- Various methods of executing shellcode☆68Updated last year
- ☆58Updated 10 months ago
- Windows AppLocker Driver (appid.sys) LPE☆35Updated 3 months ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆15Updated last year
- Hooked create process injection for meterpreter☆23Updated 3 years ago
- DLL Hijacking and Mock directories technique to bypass Windows UAC security feature and getting high-level privileged reverse shell. Secu…☆37Updated 5 months ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆14Updated last year
- Bunch of BOF files☆23Updated 8 months ago
- This is my own implementation of the Perun's Fart technique by Sektor7☆66Updated 2 years ago
- 「⚙️」Detect which native Windows API's (NtAPI) are being hooked☆37Updated last year
- A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies☆32Updated 2 years ago