BlackOfWorld / NtCreateUserProcess
A small NtCreateUserProcess PoC that spawns a Command prompt.
☆83, updated 2 years ago
Related projects:
- Single stub direct and indirect syscalling with runtime SSN resolving for Windows. (☆126, updated 2 years ago)
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge … (☆151, updated last year)
- ☆97, updated last year
- Experiment on reproducing Obfuscate & Sleep (☆136, updated 3 years ago)
- ☆100, updated this week
- It's pointy and it hurts! (☆120, updated last year)
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space (☆120, updated last year)
- a library that automates some clean syscalls to make it easier to implement (☆80, updated last year)
- Patch AMSI and ETW in remote process via direct syscall (☆78, updated 2 years ago)
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls (☆177, updated 3 months ago)
- LdrLoadDll Unhooking (☆114, updated 2 years ago)
- ☆87, updated this week
- A small tool I made to dump the export table of PE files. The primary use case was intended for use within DLL proxying. (☆66, updated 2 years ago)
- a stage1 DLL loader with sleep obfuscation (☆32, updated last year)
- Malware? (☆69, updated 2 months ago)
- ZwProcessHollowing is an x64 process hollowing project which uses direct system calls, DLL unhooking and RC4 payload decryption (☆79, updated last year)
- ☆99, updated this week
- Minifilter Callback Patching Proof-of-Concept (☆59, updated last year)
- ☆101, updated last year
- GetModuleHandle (via PEB) and GetProcAddress (via EAT) like (☆31, updated 2 years ago)
- Halos Gate-based NTAPI Unhooker (☆49, updated 2 years ago)
- Exploring in-memory execution of .NET (☆130, updated 2 years ago)
- Overwrite a process's recovery callback and execute with WER (☆100, updated 2 years ago)
- ☆61, updated this week
- Splitting and executing shellcode across multiple pages (☆98, updated last year)
- ☆73, updated this week
- ☆99, updated this week
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process (☆86, updated 2 years ago)
- Next gen process injection technique (☆41, updated 4 years ago)
- Files for http://blog.deniable.org/posts/windows-callbacks/ (☆67, updated 2 years ago)