FuzzySecurity / Capcom-Rootkit
Capcom Rootkit POC
☆188Updated 7 years ago
Alternatives and similar repositories for Capcom-Rootkit:
Users that are interested in Capcom-Rootkit are comparing it to the libraries listed below
- This is a standalone exploit for a vulnerable feature in Capcom.sys☆290Updated 2 years ago
- Universal Unhooking☆317Updated 6 years ago
- AndrewSpecial, dumping lsass' memory stealthily and bypassing "Cilence" since 2019.☆384Updated 5 years ago
- Windows - Weaponizing privileged file writes with the Update Session Orchestrator service☆382Updated 4 years ago
- Demos of various (also non standard) persistence methods used by malware☆219Updated last year
- a tool to make it easy and fast to test various forms of injection☆172Updated 5 years ago
- An extensible framework for easily writing compiler optimized position independent x86 / x64 shellcode for windows platforms.☆501Updated 5 years ago
- This is a simple example and explanation of obfuscating API resolution via hashing☆232Updated 4 years ago
- An improvement of the original reflective DLL injection technique by Stephen Fewer of Harmony Security☆319Updated 7 years ago
- Persisting in the Windows registry "invisibly"☆339Updated 6 years ago
- FLARE Kernel Shellcode Loader☆176Updated 5 years ago
- Collection of CSharp Assemblies focused on Post-Exploitation Capabilities☆223Updated 5 years ago
- A process overwriting its own PEB to make an illusion that it has been loaded from a different path.☆93Updated 3 years ago
- Extract Windows Defender database from vdm files and unpack it☆436Updated 4 years ago
- Code from this article: https://blog.rapid7.com/2018/05/03/hiding-metasploit-shellcode-to-evade-windows-defender/☆171Updated 4 years ago
- Fork of mona.py with x64dbg support☆99Updated 2 years ago
- The project is designed as a file resource cloner. Metadata, including digital signature, is extracted from one file and injected into a…☆339Updated 2 months ago
- A meterpreter extension for applying hooks to avoid windows defender memory scans☆241Updated 4 years ago
- Search for code cave in all binaries☆276Updated 6 months ago
- Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread and spoof the Parent Process.☆155Updated 5 years ago
- Pazuzu: Reflective DLL to run binaries from memory☆212Updated 4 years ago
- ☆478Updated 7 years ago
- ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports pay…☆218Updated last year
- A Bind Shell Using the Fax Service and a DLL Hijack☆325Updated 4 years ago
- A C/C++ implementation of Microsoft's Antimalware Scan Interface☆175Updated 6 years ago
- Custom Metasploit post module to executing a .NET Assembly from Meterpreter session☆341Updated 4 years ago
- Just another Windows Process Injection☆389Updated 4 years ago
- An attempt at Process Doppelgänging☆183Updated 7 years ago
- This is a **WIP** tool that performs shellcode obfuscation in x86 instruction set.☆234Updated 8 years ago
- Cminer is a tool for enumerating the code caves in PE files.☆147Updated last year