EgeBalci / IAT_API
Assembly block for finding and calling the Windows API functions inside the import address table (IAT) of the running PE file.
☆68Updated last year
Related projects:
- Assembly block for hooking windows API functions.☆81Updated 5 years ago
- Windows PE - TLS (Thread Local Storage) Injector in C/C++☆102Updated 3 years ago
- A simple COM server which provides a component to run shellcode☆131Updated 4 years ago
- Inject shellcode to process using Windows NTAPI for bypassing EDRs and Antiviruses☆40Updated 3 years ago
- Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process☆97Updated last year
- A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯☆39Updated 3 years ago
- APC DLL Injector with NtQueueApcThread and wake up thread support☆44Updated 7 years ago
- ☆48Updated 4 years ago
- Injects shellcode into remote processes using direct syscalls☆74Updated 3 years ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆68Updated 5 years ago
- Create a Run registry key with direct system calls. Inspired by @Cneelis's Dumpert and SharpHide.☆74Updated 4 years ago
- Hijack Printconfig.dll to execute shellcode☆95Updated 3 years ago
- A small commented POC for removing API hooks placed by AV/EDR.☆33Updated 4 years ago
- Various tools, PoCs and experiments related to my blog at https://www.forrest-orr.net/☆35Updated 3 years ago
- Windows API Hashes used in the malwares☆38Updated 9 years ago
- Recreating and reviewing the Windows persistence methods☆39Updated 2 years ago
- Sysmon shenanigans☆65Updated 3 years ago
- Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR☆146Updated 3 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆91Updated 4 years ago
- ☆87Updated this week
- ☆36Updated 3 years ago
- CSharp Writeups for HackSys Extreme Vulnerable Driver☆43Updated 2 years ago
- A Study in Obfuscation: Analyzing the effect of various techniques to bypass AV engines☆41Updated last year
- Exploring in-memory execution of .NET☆130Updated 2 years ago
- POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritti…☆38Updated 2 years ago
- Shellcode injector using direct syscalls☆116Updated 4 years ago
- Enabled / Disable LSA Protection via BYOVD☆61Updated 2 years ago
- ☆36Updated 2 years ago
- C++ implant that interfaces with a SK8PARK server☆47Updated 3 years ago
- ☆74Updated 3 weeks ago