BlackOfWorld/NtCreateUserProcess external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

BlackOfWorld/NtCreateUserProcess

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/BlackOfWorld/NtCreateUserProcess)

Close

BlackOfWorld / NtCreateUserProcessView on GitHubMore

• External links
• Readme badge

A small NtCreateUserProcess PoC that spawns a Command prompt.

☆107Apr 11, 2026Updated last month

Alternatives and similar repositories for NtCreateUserProcess

Users that are interested in NtCreateUserProcess are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• BlackOfWorld / Windows-Native

  View on GitHub
  A wrapper around Windows, calls explicitly the lowest possible calls
  ☆14Jan 19, 2023Updated 3 years ago
• capt-meelo / NtCreateUserProcess

  View on GitHub
  Minimal PoC developed as discuss in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html
  ☆144May 10, 2022Updated 4 years ago
• alfarom256 / StinkyLoader

  View on GitHub
  It stinks
  ☆102Apr 22, 2022Updated 4 years ago
• rad9800 / WTSRM

  View on GitHub
  WTSRM
  ☆216Aug 7, 2022Updated 3 years ago
• FalconForceTeam / BOF2shellcode

  View on GitHub
  POC tool to convert CobaltStrike BOF files to raw shellcode
  ☆220Nov 5, 2021Updated 4 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• janoglezcampos / DeathSleep

  View on GitHub
  A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…
  ☆536Aug 1, 2022Updated 3 years ago
• NUL0x4C / KnownDllUnhook

  View on GitHub
  Replace the .txt section of the current loaded modules from \KnownDlls\
  ☆306Sep 28, 2022Updated 3 years ago
• rad9800 / WTSRM2

  View on GitHub
  ☆164Dec 30, 2022Updated 3 years ago
• rad9800 / misc

  View on GitHub
  miscellaneous scripts and programs
  ☆286May 13, 2026Updated 3 weeks ago
• janoglezcampos / c_syscalls

  View on GitHub
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆141Sep 12, 2022Updated 3 years ago
• nettitude / RunOF

  View on GitHub
  ☆153Jan 6, 2023Updated 3 years ago
• ldematte / HostedPumpkin

  View on GitHub
  Submission, compilation and execution of C# code snippets, using an unmanaged CLR Host
  ☆61Jan 29, 2015Updated 11 years ago
• zimnyaa / noWatch

  View on GitHub
  Implant drop-in for EDR testing
  ☆147Nov 15, 2023Updated 2 years ago
• susMdT / effective-waffle

  View on GitHub
  yet another sleep encryption thing. also used the default github repo name for this one.
  ☆69May 11, 2023Updated 3 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• ScriptIdiot / sleepmask_ekko_cfg

  View on GitHub
  Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process
  ☆49Mar 15, 2023Updated 3 years ago
• delivr-to / MailCollector

  View on GitHub
  A .NET 4.8 application to retrieve delivr.to emails from Microsoft Outlook via COM
  ☆20Jul 19, 2025Updated 10 months ago
• Idov31 / Cronos

  View on GitHub
  PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
  ☆624Sep 26, 2023Updated 2 years ago
• rad9800 / TamperingSyscalls

  View on GitHub
  ☆513Aug 14, 2022Updated 3 years ago
• Cobalt-Strike / CallStackMasker

  View on GitHub
  A PoC implementation for dynamically masking call stacks with timers.
  ☆312Feb 13, 2023Updated 3 years ago
• kyleavery / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆1,020Jun 4, 2024Updated 2 years ago
• trustedsec / Windows-MS-LSAT-RPC-Example

  View on GitHub
  Windows RPC example calling stubs generated from MS-LSAT and MS-LSAD
  ☆29Jan 4, 2024Updated 2 years ago
• mr-r3bot / bof-modules

  View on GitHub
  BOF for C2 framework
  ☆44Nov 9, 2024Updated last year
• zimnyaa / PhaseDive

  View on GitHub
  Sleep Obfuscation
  ☆47Oct 13, 2022Updated 3 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• Cracked5pider / CoffeeLdr

  View on GitHub
  Beacon Object File Loader
  ☆295Dec 3, 2023Updated 2 years ago
• rad9800 / VehApiResolve

  View on GitHub
  ☆118Aug 7, 2022Updated 3 years ago
• chbGSmCm / bof-deez-nuts

  View on GitHub
  Classic Bofa adapted to CobaltStrike.
  ☆11Oct 4, 2022Updated 3 years ago
• paranoidninja / Proxy-DLL-Loads

  View on GitHub
  The code is a pingback to the Dark Vortex blog:
  ☆189Jan 26, 2023Updated 3 years ago
• NUL0x4C / DeleteShadowCopies

  View on GitHub
  Deleting Shadow Copies In Pure C++
  ☆118Oct 31, 2022Updated 3 years ago
• paranoidninja / Process-Instrumentation-Syscall-Hook

  View on GitHub
  A simple program to hook the current process to identify the manual syscall executions on windows
  ☆268Nov 18, 2022Updated 3 years ago
• janoglezcampos / rust_syscalls

  View on GitHub
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆237Mar 23, 2023Updated 3 years ago
• D4rthMaulCop / DarthNetLoader

  View on GitHub
  ☆15Aug 17, 2023Updated 2 years ago
• NUL0x4C / ManualRsrcDataFetching

  View on GitHub
  Get your data from the resource section manually, with no need for windows apis
  ☆67Oct 22, 2024Updated last year
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• Wra7h / PEResourceInject

  View on GitHub
  ☆62Jun 26, 2022Updated 3 years ago
• passthehashbrowns / hiding-your-syscalls

  View on GitHub
  Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…
  ☆218Feb 20, 2023Updated 3 years ago
• itm4n / PPLmedic

  View on GitHub
  Dump the memory of any PPL with a Userland exploit chain
  ☆355Mar 17, 2023Updated 3 years ago
• xpn / CloudInject

  View on GitHub
  ☆122Nov 21, 2024Updated last year
• crummie5 / FreshyCalls

  View on GitHub
  FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++17!
  ☆359Sep 1, 2022Updated 3 years ago
• waawaa / AMSI_Rubeus_bypass

  View on GitHub
  ☆71Aug 2, 2022Updated 3 years ago
• GetRektBoy724 / DCMB

  View on GitHub
  Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!
  ☆254Jul 9, 2024Updated last year