HookDetection
☆45Sep 3, 2021Updated 4 years ago
Alternatives and similar repositories for HookDetection_CSharp
Users that are interested in HookDetection_CSharp are comparing it to the libraries listed below
Sorting:
- MappingInjection via csharp☆40Nov 19, 2021Updated 4 years ago
- Command line & PPID spoofing☆29Apr 15, 2023Updated 2 years ago
- Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.☆18Jan 21, 2022Updated 4 years ago
- Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.☆62Sep 6, 2021Updated 4 years ago
- ShellCodeLoader via DInvoke☆60Jul 5, 2021Updated 4 years ago
- CallBack-Techniques for Shellcode execution ported to Nim☆62Mar 19, 2021Updated 4 years ago
- Using fibers to execute shellcode in a local process via csharp☆28Jan 2, 2022Updated 4 years ago
- Bypassing ETW with Csharp☆27Oct 28, 2021Updated 4 years ago
- Inject shellcode into process via "EarlyBird"☆26Aug 30, 2021Updated 4 years ago
- ☆18Aug 19, 2021Updated 4 years ago
- CobaltStrike Extentions☆40Oct 24, 2021Updated 4 years ago
- Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…☆54Apr 10, 2022Updated 3 years ago
- ProcessHollowing via csharp☆13Dec 21, 2021Updated 4 years ago
- CVE-2025-59501 POC code☆25Nov 20, 2025Updated 3 months ago
- Released presentations of my talks + code that used during these talks☆15Sep 5, 2024Updated last year
- Some stuff for PHD2021☆14May 21, 2025Updated 9 months ago
- DInvisibleRegistry☆83Nov 20, 2020Updated 5 years ago
- My implementation of Halo's Gate technique in C#☆54Apr 20, 2022Updated 3 years ago
- A PoC .NET-specific process injection tool☆58Mar 17, 2024Updated last year
- A Study in Obfuscation: Analyzing the effect of various techniques to bypass AV engines☆45Oct 27, 2022Updated 3 years ago
- Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer☆17Mar 4, 2023Updated 3 years ago
- ☆12Feb 19, 2026Updated last week
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆203Jun 6, 2024Updated last year
- Load shellcode via syscall☆56Jul 28, 2021Updated 4 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆91Nov 24, 2022Updated 3 years ago
- in-process powershell runner for BRC4☆48Oct 31, 2023Updated 2 years ago
- ☆125Jun 28, 2023Updated 2 years ago
- Windows x64 Process Injection via Ghostwriting with Dynamic Configuration☆29Oct 29, 2021Updated 4 years ago
- ☆18Nov 24, 2020Updated 5 years ago
- Bypass AMSI☆13Aug 8, 2021Updated 4 years ago
- A little tool to play with the Seclogon service☆326Jul 10, 2022Updated 3 years ago
- AmsiScanBufferBypass using D/Invoke☆136Jun 17, 2021Updated 4 years ago
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework.☆307Dec 9, 2023Updated 2 years ago
- ETW based POC to identify direct and indirect syscalls☆189Apr 19, 2023Updated 2 years ago
- COFF and BOF Loader written in Nim☆175Aug 1, 2022Updated 3 years ago
- Extracting Syscall Stub, Modernized☆65Apr 2, 2022Updated 3 years ago
- C# Reflective loader for unmanaged binaries.☆446Jan 25, 2023Updated 3 years ago
- Little program written in C# to bypass EDR hooks and dump the content of the lsass process☆61Jun 24, 2021Updated 4 years ago
- A script that greps composite key-like strings from a KeePassXC process dump, then uses a customized version of pykeepass library to unlo…☆33Nov 12, 2022Updated 3 years ago