D1rkMtr / UnhookingPatch
☆148 Updated this week
Related projects:
- ☆138 Updated this week
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak ☆163 Updated last year
- A variation of ProcessOverwriting to execute shellcode on an executable's section ☆147 Updated 9 months ago
- Run Your Payload Without Running Your Payload ☆174 Updated last year
- ☆96 Updated this week
- Find DLLs with RWX section ☆74 Updated last year
- ☆107 Updated this week
- different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless) ☆171 Updated last year
- ☆142 Updated 11 months ago
- Do some DLL SideLoading magic ☆72 Updated last year
- ☆132 Updated last year
- The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section ☆95 Updated last year
- It's pointy and it hurts! ☆120 Updated last year
- A tool for converting SysWhispers3 syscalls for use with Nim projects ☆137 Updated 2 years ago
- ☆105 Updated last year
- Exploitation of process killer drivers ☆182 Updated 11 months ago
- Simple BOF to read the protection level of a process ☆101 Updated last year
- ☆70 Updated last year
- I have documented all of the AMSI patches that I learned till now ☆66 Updated last year
- WTSImpersonator utilizes WTSQueryUserToken to steal user tokens by abusing the RPC Named Pipe "\\pipe\LSM_API_service" ☆114 Updated 2 months ago
- ☆172 Updated 9 months ago
- Cobalt Strike (CS) Beacon Object File (BOF) for kernel exploitation using AMD's Ryzen Master Driver (version 17). ☆131 Updated last year
- ☆113 Updated 11 months ago
- ☆140 Updated this week
- Patch AMSI and ETW in remote process via direct syscall ☆78 Updated 2 years ago
- ☆87 Updated 2 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memory ☆154 Updated 3 years ago
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading ☆82 Updated last year
- ☆60 Updated this week
- ☆58 Updated 3 months ago