BlackHat-Ashura / Process_Ghosting

Related projects ⓘ

Alternatives and complementary repositories for Process_Ghosting

• fin3ss3g0d / HookFinder
  Simple PoC to locate hooked functions by EDR in ntdll.dll
  ☆32Updated last year
• cpu0x00 / EternelSuspention
  a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless
  ☆39Updated 4 months ago
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆38Updated last year
• lleon1435 / birdnet-poc
  Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
  ☆14Updated last year
• a7t0fwa7 / SymProcSleuth
  A pure C version of SymProcAddress
  ☆23Updated 8 months ago
• pygrum / gimmick
  Section-based payload obfuscation technique for x64
  ☆58Updated 3 months ago
• Bl4ckM1rror / PEAs
  ☆58Updated 11 months ago
• NtDallas / Fenrir
  stack spoofing
  ☆57Updated last week
• HulkOperator / AuthStager
  ☆37Updated last month
• rad9800 / BloatedHammer
  API Hammering with C++20
  ☆34Updated 2 years ago
• nothingspecialforu / EvtPsst
  EvtPsst
  ☆54Updated last year
• hlldz / misc
  miscellaneous codes
  ☆35Updated last year
• rbmm / Hollowed-Process
  ☆26Updated last month
• b4rth0v5k1 / EarlyBirdNTDLL
  ☆34Updated last year
• RixedLabs / IDLE-Abuse
  A method to execute shellcode using RegisterWaitForInputIdle API.
  ☆51Updated last year
• waawaa / Hooked-Injector
  Hooked create process injection for meterpreter
  ☆23Updated 3 years ago
• GetRektBoy724 / SyscallShuffler
  Your NTDLL vaccine from modern direct syscall methods.
  ☆35Updated 2 years ago
• hackerhouse-opensource / envschtasksuacbypass
  Bypass UAC elevation on Windows 8 (build 9600) & above.
  ☆53Updated 2 years ago
• lem0nSec / Dsebler
  Reimplementation of the KExecDD DSE bypass technique.
  ☆42Updated 2 months ago
• caueb / ThreadlessStompingKann
  Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.
  ☆38Updated 11 months ago
• mr-r3bot / bof-modules
  BOF for C2 framework
  ☆40Updated 2 weeks ago
• ScriptIdiot / SysmonQuiet
  RDLL for Cobalt Strike beacon to silence sysmon process
  ☆85Updated 2 years ago
• Offensive-Panda / C2_Elevated_Shell_DLL_Hijcking
  DLL Hijacking and Mock directories technique to bypass Windows UAC security feature and getting high-level privileged reverse shell. Secu…
  ☆37Updated 6 months ago
• Shrfnt77 / AmsiBypass
  Bypassing Amsi using LdrLoadDll
  ☆24Updated last month
• FuzzySecurity / SAFACon-Vienna
  ☆22Updated 6 months ago
• inb1ts / birdnet-poc
  Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
  ☆38Updated last year
• G0ldenGunSec / DayBird
  Extension functionality for the NightHawk operator client
  ☆26Updated last year
• MaorSabag / HollowMask
  Just another Process Injection using Process Hollowing technique.
  ☆16Updated last year