BlackOfWorld/NtCreateUserProcess external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

BlackOfWorld/NtCreateUserProcess

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/BlackOfWorld/NtCreateUserProcess)

Close

BlackOfWorld / NtCreateUserProcessView on GitHubMore

• External links
• Readme badge

A small NtCreateUserProcess PoC that spawns a Command prompt.

☆103Aug 25, 2022Updated 3 years ago

Alternatives and similar repositories for NtCreateUserProcess

Users that are interested in NtCreateUserProcess are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• BlackOfWorld / Windows-Native

  View on GitHub
  A wrapper around Windows, calls explicitly the lowest possible calls
  ☆14Jan 19, 2023Updated 3 years ago
• capt-meelo / NtCreateUserProcess

  View on GitHub
  Minimal PoC developed as discuss in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html
  ☆144May 10, 2022Updated 3 years ago
• alfarom256 / StinkyLoader

  View on GitHub
  It stinks
  ☆103Apr 22, 2022Updated 3 years ago
• rad9800 / WTSRM

  View on GitHub
  WTSRM
  ☆215Aug 7, 2022Updated 3 years ago
• FalconForceTeam / BOF2shellcode

  View on GitHub
  POC tool to convert CobaltStrike BOF files to raw shellcode
  ☆221Nov 5, 2021Updated 4 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• janoglezcampos / DeathSleep

  View on GitHub
  A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…
  ☆533Aug 1, 2022Updated 3 years ago
• NUL0x4C / KnownDllUnhook

  View on GitHub
  Replace the .txt section of the current loaded modules from \KnownDlls\
  ☆304Sep 28, 2022Updated 3 years ago
• rad9800 / WTSRM2

  View on GitHub
  ☆164Dec 30, 2022Updated 3 years ago
• rad9800 / misc

  View on GitHub
  miscellaneous scripts and programs
  ☆279Jan 23, 2025Updated last year
• janoglezcampos / c_syscalls

  View on GitHub
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆140Sep 12, 2022Updated 3 years ago
• nettitude / RunOF

  View on GitHub
  ☆153Jan 6, 2023Updated 3 years ago
• ldematte / HostedPumpkin

  View on GitHub
  Submission, compilation and execution of C# code snippets, using an unmanaged CLR Host
  ☆59Jan 29, 2015Updated 11 years ago
• zimnyaa / noWatch

  View on GitHub
  Implant drop-in for EDR testing
  ☆147Nov 15, 2023Updated 2 years ago
• susMdT / effective-waffle

  View on GitHub
  yet another sleep encryption thing. also used the default github repo name for this one.
  ☆69May 11, 2023Updated 2 years ago
• Simple, predictable pricing with DigitalOcean hosting • Ad
  Always know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
• ScriptIdiot / sleepmask_ekko_cfg

  View on GitHub
  Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process
  ☆49Mar 15, 2023Updated 3 years ago
• delivr-to / MailCollector

  View on GitHub
  A .NET 4.8 application to retrieve delivr.to emails from Microsoft Outlook via COM
  ☆20Jul 19, 2025Updated 8 months ago
• Idov31 / Cronos

  View on GitHub
  PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
  ☆619Sep 26, 2023Updated 2 years ago
• rad9800 / TamperingSyscalls

  View on GitHub
  ☆511Aug 14, 2022Updated 3 years ago
• Cobalt-Strike / CallStackMasker

  View on GitHub
  A PoC implementation for dynamically masking call stacks with timers.
  ☆310Feb 13, 2023Updated 3 years ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,009Jun 4, 2024Updated last year
• trustedsec / Windows-MS-LSAT-RPC-Example

  View on GitHub
  Windows RPC example calling stubs generated from MS-LSAT and MS-LSAD
  ☆28Jan 4, 2024Updated 2 years ago
• mr-r3bot / bof-modules

  View on GitHub
  BOF for C2 framework
  ☆44Nov 9, 2024Updated last year
• zimnyaa / PhaseDive

  View on GitHub
  Sleep Obfuscation
  ☆45Oct 13, 2022Updated 3 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• Cracked5pider / CoffeeLdr

  View on GitHub
  Beacon Object File Loader
  ☆293Dec 3, 2023Updated 2 years ago
• rad9800 / VehApiResolve

  View on GitHub
  ☆119Aug 7, 2022Updated 3 years ago
• chbGSmCm / bof-deez-nuts

  View on GitHub
  Classic Bofa adapted to CobaltStrike.
  ☆11Oct 4, 2022Updated 3 years ago
• NUL0x4C / DeleteShadowCopies

  View on GitHub
  Deleting Shadow Copies In Pure C++
  ☆119Oct 31, 2022Updated 3 years ago
• paranoidninja / Process-Instrumentation-Syscall-Hook

  View on GitHub
  A simple program to hook the current process to identify the manual syscall executions on windows
  ☆267Nov 18, 2022Updated 3 years ago
• janoglezcampos / rust_syscalls

  View on GitHub
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆235Mar 23, 2023Updated 3 years ago
• Wra7h / PEResourceInject

  View on GitHub
  ☆61Jun 26, 2022Updated 3 years ago
• D4rthMaulCop / DarthNetLoader

  View on GitHub
  ☆15Aug 17, 2023Updated 2 years ago
• NUL0x4C / ManualRsrcDataFetching

  View on GitHub
  Get your data from the resource section manually, with no need for windows apis
  ☆67Oct 22, 2024Updated last year
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• passthehashbrowns / hiding-your-syscalls

  View on GitHub
  Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…
  ☆219Feb 20, 2023Updated 3 years ago
• xpn / CloudInject

  View on GitHub
  ☆122Nov 21, 2024Updated last year
• itm4n / PPLmedic

  View on GitHub
  Dump the memory of any PPL with a Userland exploit chain
  ☆352Mar 17, 2023Updated 3 years ago
• crummie5 / FreshyCalls

  View on GitHub
  FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++17!
  ☆360Sep 1, 2022Updated 3 years ago
• waawaa / AMSI_Rubeus_bypass

  View on GitHub
  ☆72Aug 2, 2022Updated 3 years ago
• GetRektBoy724 / DCMB

  View on GitHub
  Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!
  ☆251Jul 9, 2024Updated last year
• WithSecureLabs / TickTock

  View on GitHub
  ☆113Oct 10, 2022Updated 3 years ago