Lexsek / ProcessInjectionTool
Process injection tool, in order to explain how different process injection methods works and cool tricks with WINAPI.
☆20Updated 5 years ago
Related projects: ⓘ
- Windows API Hashes used in the malwares☆38Updated 9 years ago
- A small commented POC for removing API hooks placed by AV/EDR.☆33Updated 4 years ago
- "An Introduction to Windows Exploit Development" is an open sourced, free Windows exploit development course I created for the Southeast …☆39Updated 4 years ago
- Inject shellcode to process using Windows NTAPI for bypassing EDRs and Antiviruses☆40Updated 3 years ago
- ☆40Updated this week
- ☆31Updated 4 years ago
- Some simple process injection techniques targeting the Windows platform☆30Updated 4 years ago
- Assembly block for hooking windows API functions.☆81Updated 5 years ago
- Recreating and reviewing the Windows persistence methods☆39Updated 2 years ago
- Designed to learn OS specific anti-emulation patterns by fuzzing the Windows API.☆94Updated 4 years ago
- ☆19Updated this week
- Windows PE - TLS (Thread Local Storage) Injector in C/C++☆102Updated 3 years ago
- A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯☆39Updated 3 years ago
- Various tools, PoCs and experiments related to my blog at https://www.forrest-orr.net/☆35Updated 3 years ago
- Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years.☆63Updated 6 years ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆68Updated 5 years ago
- Sysmon shenanigans☆65Updated 3 years ago
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell.☆65Updated 3 years ago
- A ready-made template for a project based on libpeconv.☆40Updated last year
- PoC for DEF CON 26: Playing Malware Injection with Exploit thoughts☆23Updated 6 years ago
- Bare template for a Kernel Mode Driver☆50Updated 4 years ago
- ☆35Updated 5 years ago
- Assembly block for finding and calling the windows API functions inside import address table(IAT) of the running PE file.☆68Updated last year
- A simple tool to view important DLL Characteristics and change DEP and ASLR☆45Updated 5 years ago
- ☆23Updated 2 years ago
- A simple COM server which provides a component to run shellcode☆131Updated 4 years ago
- PoC designed to evade userland-hooking anti-virus.☆85Updated 5 years ago
- ☆36Updated this week
- ☆48Updated 4 years ago