MappingInjection via csharp
☆40Nov 19, 2021Updated 4 years ago
Alternatives and similar repositories for MappingInjection_CSharp
Users that are interested in MappingInjection_CSharp are comparing it to the libraries listed below
Sorting:
- Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.☆62Sep 6, 2021Updated 4 years ago
- HookDetection☆45Sep 3, 2021Updated 4 years ago
- Using fibers to execute shellcode in a local process via csharp☆28Jan 2, 2022Updated 4 years ago
- Command line & PPID spoofing☆29Apr 15, 2023Updated 2 years ago
- Bypass AMSI☆13Aug 8, 2021Updated 4 years ago
- A Simple ShellcodeLoader☆11Jun 4, 2021Updated 4 years ago
- ProcessHollowing via csharp☆13Dec 21, 2021Updated 4 years ago
- Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.☆18Jan 21, 2022Updated 4 years ago
- Bypassing ETW with Csharp☆27Oct 28, 2021Updated 4 years ago
- A small PoC using DInvoke, dynamically mapping a DLL and executing Win32 APIs for process injection.☆10Dec 16, 2021Updated 4 years ago
- Process inject technique "Thread hijacking" via csharp☆15Dec 18, 2021Updated 4 years ago
- Inject shellcode into process via "EarlyBird"☆26Aug 30, 2021Updated 4 years ago
- ShellCodeLoader via DInvoke☆60Jul 5, 2021Updated 4 years ago
- Released presentations of my talks + code that used during these talks☆15Sep 5, 2024Updated last year
- ☆31Aug 23, 2020Updated 5 years ago
- Runpe + DInvoke + Syscall☆16Jun 18, 2021Updated 4 years ago
- This POC provides the possibilty to execute x86 shellcode in form of a .bin file based on x86 inline assembly☆20Apr 17, 2023Updated 2 years ago
- A Proof-of-Concept implementation for Proxy Object Obfuscation in .NET☆48Jan 8, 2023Updated 3 years ago
- Bypass windows eventlogs & Sysmon☆20Aug 24, 2021Updated 4 years ago
- POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritti…☆41Sep 23, 2021Updated 4 years ago
- Bypass Windows defender syscall��☆18Jul 17, 2021Updated 4 years ago
- This project is created for research into antivirus evasion by unhooking.☆18Sep 2, 2021Updated 4 years ago
- Windows Service with the implementation of the Process hollowing technique to run shellcode☆14Jul 20, 2023Updated 2 years ago
- Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used☆92Aug 26, 2021Updated 4 years ago
- A small shellcode loader library written in C#☆48Dec 21, 2021Updated 4 years ago
- I used this to see if an EDR is running in Safe Mode☆36Feb 13, 2021Updated 5 years ago
- ☆12Oct 9, 2020Updated 5 years ago
- Load shellcode via syscall☆56Jul 28, 2021Updated 4 years ago
- C# API for Nidhogg rootkit☆21Apr 25, 2024Updated last year
- SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections a…☆59May 23, 2022Updated 3 years ago
- PoC script to demonstrate collection of SCCM attack paths that can be viewed in BH with OpenGraph☆24Aug 2, 2025Updated 6 months ago
- ☆13Oct 20, 2021Updated 4 years ago
- C# version of MDSec's ParallelSyscalls☆141Jan 9, 2022Updated 4 years ago
- Extracting Syscall Stub, Modernized☆65Apr 2, 2022Updated 3 years ago
- Process Ghosting in C#☆219Jan 24, 2022Updated 4 years ago
- Obfuscate ECMA CIL (.NET IL) assemblies to evade Windows Defender AMSI☆240Jun 9, 2023Updated 2 years ago
- PoC for detecting and evading ETW detection of .Net Assembly.Load☆21Aug 26, 2020Updated 5 years ago
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆54Feb 29, 2024Updated 2 years ago
- LdrLoadDll Unhooking☆135Jan 16, 2022Updated 4 years ago