BlackOfWorld/NtCreateUserProcess external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

BlackOfWorld/NtCreateUserProcess

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/BlackOfWorld/NtCreateUserProcess)

Close

BlackOfWorld / NtCreateUserProcessView on GitHubMore

• External links
• Readme badge

A small NtCreateUserProcess PoC that spawns a Command prompt.

☆106Apr 11, 2026Updated last month

Alternatives and similar repositories for NtCreateUserProcess

Users that are interested in NtCreateUserProcess are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• BlackOfWorld / Windows-Native

  View on GitHub
  A wrapper around Windows, calls explicitly the lowest possible calls
  ☆14Jan 19, 2023Updated 3 years ago
• capt-meelo / NtCreateUserProcess

  View on GitHub
  Minimal PoC developed as discuss in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html
  ☆143May 10, 2022Updated 4 years ago
• alfarom256 / StinkyLoader

  View on GitHub
  It stinks
  ☆103Apr 22, 2022Updated 4 years ago
• rad9800 / WTSRM

  View on GitHub
  WTSRM
  ☆216Aug 7, 2022Updated 3 years ago
• FalconForceTeam / BOF2shellcode

  View on GitHub
  POC tool to convert CobaltStrike BOF files to raw shellcode
  ☆223Nov 5, 2021Updated 4 years ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• janoglezcampos / DeathSleep

  View on GitHub
  A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…
  ☆536Aug 1, 2022Updated 3 years ago
• NUL0x4C / KnownDllUnhook

  View on GitHub
  Replace the .txt section of the current loaded modules from \KnownDlls\
  ☆306Sep 28, 2022Updated 3 years ago
• rad9800 / WTSRM2

  View on GitHub
  ☆164Dec 30, 2022Updated 3 years ago
• rad9800 / misc

  View on GitHub
  miscellaneous scripts and programs
  ☆285Updated this week
• janoglezcampos / c_syscalls

  View on GitHub
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆141Sep 12, 2022Updated 3 years ago
• nettitude / RunOF

  View on GitHub
  ☆153Jan 6, 2023Updated 3 years ago
• ldematte / HostedPumpkin

  View on GitHub
  Submission, compilation and execution of C# code snippets, using an unmanaged CLR Host
  ☆60Jan 29, 2015Updated 11 years ago
• zimnyaa / noWatch

  View on GitHub
  Implant drop-in for EDR testing
  ☆148Nov 15, 2023Updated 2 years ago
• susMdT / effective-waffle

  View on GitHub
  yet another sleep encryption thing. also used the default github repo name for this one.
  ☆69May 11, 2023Updated 3 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• ScriptIdiot / sleepmask_ekko_cfg

  View on GitHub
  Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process
  ☆49Mar 15, 2023Updated 3 years ago
• delivr-to / MailCollector

  View on GitHub
  A .NET 4.8 application to retrieve delivr.to emails from Microsoft Outlook via COM
  ☆20Jul 19, 2025Updated 10 months ago
• Idov31 / Cronos

  View on GitHub
  PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
  ☆625Sep 26, 2023Updated 2 years ago
• rad9800 / TamperingSyscalls

  View on GitHub
  ☆514Aug 14, 2022Updated 3 years ago
• Cobalt-Strike / CallStackMasker

  View on GitHub
  A PoC implementation for dynamically masking call stacks with timers.
  ☆311Feb 13, 2023Updated 3 years ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,015Jun 4, 2024Updated last year
• trustedsec / Windows-MS-LSAT-RPC-Example

  View on GitHub
  Windows RPC example calling stubs generated from MS-LSAT and MS-LSAD
  ☆29Jan 4, 2024Updated 2 years ago
• mr-r3bot / bof-modules

  View on GitHub
  BOF for C2 framework
  ☆44Nov 9, 2024Updated last year
• zimnyaa / PhaseDive

  View on GitHub
  Sleep Obfuscation
  ☆47Oct 13, 2022Updated 3 years ago
• GPUs on demand by Runpod - Special Offer Available • Ad
  Run AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
• Cracked5pider / CoffeeLdr

  View on GitHub
  Beacon Object File Loader
  ☆294Dec 3, 2023Updated 2 years ago
• rad9800 / VehApiResolve

  View on GitHub
  ☆119Aug 7, 2022Updated 3 years ago
• chbGSmCm / bof-deez-nuts

  View on GitHub
  Classic Bofa adapted to CobaltStrike.
  ☆11Oct 4, 2022Updated 3 years ago
• paranoidninja / Proxy-DLL-Loads

  View on GitHub
  The code is a pingback to the Dark Vortex blog:
  ☆190Jan 26, 2023Updated 3 years ago
• NUL0x4C / DeleteShadowCopies

  View on GitHub
  Deleting Shadow Copies In Pure C++
  ☆120Oct 31, 2022Updated 3 years ago
• paranoidninja / Process-Instrumentation-Syscall-Hook

  View on GitHub
  A simple program to hook the current process to identify the manual syscall executions on windows
  ☆268Nov 18, 2022Updated 3 years ago
• janoglezcampos / rust_syscalls

  View on GitHub
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆237Mar 23, 2023Updated 3 years ago
• D4rthMaulCop / DarthNetLoader

  View on GitHub
  ☆15Aug 17, 2023Updated 2 years ago
• NUL0x4C / ManualRsrcDataFetching

  View on GitHub
  Get your data from the resource section manually, with no need for windows apis
  ☆67Oct 22, 2024Updated last year
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• Wra7h / PEResourceInject

  View on GitHub
  ☆62Jun 26, 2022Updated 3 years ago
• passthehashbrowns / hiding-your-syscalls

  View on GitHub
  Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…
  ☆219Feb 20, 2023Updated 3 years ago
• itm4n / PPLmedic

  View on GitHub
  Dump the memory of any PPL with a Userland exploit chain
  ☆354Mar 17, 2023Updated 3 years ago
• xpn / CloudInject

  View on GitHub
  ☆123Nov 21, 2024Updated last year
• crummie5 / FreshyCalls

  View on GitHub
  FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++17!
  ☆360Sep 1, 2022Updated 3 years ago
• waawaa / AMSI_Rubeus_bypass

  View on GitHub
  ☆72Aug 2, 2022Updated 3 years ago
• GetRektBoy724 / DCMB

  View on GitHub
  Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!
  ☆252Jul 9, 2024Updated last year