Hagrid29 / PELoader

Related projects ⓘ

Alternatives and complementary repositories for PELoader

• trickster0 / TartarusGate
  TartarusGate, Bypassing EDRs
  ☆533Updated 2 years ago
• Dec0ne / HWSyscalls
  HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
  ☆628Updated last year
• Dec0ne / DllNotificationInjection
  A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re…
  ☆434Updated last year
• rainerzufalldererste / windows_x64_shellcode_template
  An easily modifiable shellcode template for Windows x64 written in C
  ☆197Updated last year
• nettitude / RunPE
  C# Reflective loader for unmanaged binaries.
  ☆419Updated last year
• iilegacyyii / ThreadlessInject-BOF
  BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a…
  ☆368Updated 10 months ago
• WithSecureLabs / CallStackSpoofer
  A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
  ☆431Updated 2 years ago
• br-sn / CheekyBlinder
  Enumerating and removing kernel callbacks using signed vulnerable drivers
  ☆544Updated last year
• trustedsec / COFFLoader
  ☆471Updated 3 weeks ago
• boku7 / AsmHalosGate
  x64 Assembly HalosGate direct System Caller to evade EDR UserLand hooks
  ☆193Updated last year
• crummie5 / FreshyCalls
  FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++17!
  ☆315Updated 2 years ago
• Cracked5pider / Ekko
  Sleep Obfuscation
  ☆686Updated 11 months ago
• DamonMohammadbagher / ETWProcessMon2
  ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti…
  ☆292Updated 8 months ago
• Cracked5pider / KaynLdr
  KaynLdr is a Reflective Loader written in C/ASM
  ☆521Updated 11 months ago
• gabriellandau / PPLFault
  ☆506Updated 8 months ago
• zeroperil / HookDump
  Security product hook detection
  ☆311Updated 3 years ago
• med0x2e / ExecuteAssembly
  Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…
  ☆545Updated 3 years ago
• Cobalt-Strike / CallStackMasker
  A PoC implementation for dynamically masking call stacks with timers.
  ☆250Updated last year
• Ondrik8 / byPass_AV
  ☆135Updated 3 years ago
• mgeeky / UnhookMe
  UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red …
  ☆341Updated 2 years ago
• kyleavery / inject-assembly
  Inject .NET assemblies into an existing process
  ☆485Updated 2 years ago
• S3cur3Th1sSh1t / Nim-RunPE
  A Nim implementation of reflective PE-Loading from memory
  ☆271Updated 2 months ago
• forrest-orr / phantom-dll-hollower-poc
  Phantom DLL hollowing PoC
  ☆350Updated 2 years ago
• NUL0x4C / KnownDllUnhook
  Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs
  ☆287Updated 2 years ago
• AzAgarampur / byeintegrity-uac
  Bypass UAC by hijacking a DLL located in the Native Image Cache
  ☆207Updated 3 years ago
• anthemtotheego / InlineExecute-Assembly
  InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assem…
  ☆610Updated last year
• itm4n / PPLmedic
  Dump the memory of any PPL with a Userland exploit chain
  ☆331Updated last year
• mgeeky / ElusiveMice
  Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind
  ☆422Updated last year
• itm4n / PPLcontrol
  Controlling Windows PP(L)s
  ☆263Updated last year