BlackHat-Ashura / Process_GhostingLinks
Process Ghosting is a technique in which a process is created from a delete pending file. This means the created process is not backed by a file. This is an evasion technique.
☆16Updated last year
Alternatives and similar repositories for Process_Ghosting
Users that are interested in Process_Ghosting are comparing it to the libraries listed below
Sorting:
- havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets☆41Updated last year
- API Hammering with C++20☆49Updated 3 years ago
- An example of COM hijacking using a proxy DLL.☆42Updated 4 years ago
- ☆30Updated 3 months ago
- Your NTDLL vaccine from modern direct syscall methods.☆36Updated 3 years ago
- Small tool to play with IOCs caused by Imageload events☆43Updated 2 years ago
- Process Injection: APC Injection☆31Updated 4 years ago
- abusing Process Hacker driver to terminate other processes (BYOVD)☆83Updated 2 years ago
- Callstack spoofing using a VEH because VEH all the things.☆23Updated 8 months ago
- ☆88Updated last year
- the Open Source and Pure C++ Packer for eXecutables☆21Updated 2 years ago
- Various methods of executing shellcode☆73Updated 2 years ago
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆44Updated 2 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated 2 years ago
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆62Updated 2 years ago
- ☆38Updated 2 years ago
- Bypass UAC elevation on Windows 8 (build 9600) & above.☆57Updated 3 years ago
- Listing UDP connections with remote address without sniffing.☆31Updated 2 years ago
- Piece of code to detect and remove hooks in IAT☆65Updated 3 years ago
- A C implementation of the Sektor7 "A Thief" Windows privesc technique.☆68Updated 3 years ago
- ☆25Updated last year
- Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver☆52Updated 2 years ago
- ☆34Updated 2 years ago
- ☆61Updated 2 years ago
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…☆24Updated 7 months ago
- ☆57Updated last month
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆26Updated 2 years ago
- BYOVD Technique Example using viragt64 driver☆64Updated last year
- LibWinHttp is a simplified WinHTTP wrapper designed as a Crystal Palace shared library for implant development. Its primary purpose is to…☆41Updated last month
- ☆58Updated 2 years ago