This is a simple example and explanation of obfuscating API resolution via hashing
☆237May 25, 2020Updated 5 years ago
Alternatives and similar repositories for Windows-API-Hashing
Users that are interested in Windows-API-Hashing are comparing it to the libraries listed below
Sorting:
- A more stealthy variant of "DLL hollowing"☆363Mar 8, 2024Updated last year
- hooking KiUserApcDispatcher☆27Apr 3, 2017Updated 8 years ago
- PoC for detecting and dumping code injection (built and extended on UnRunPE)☆58Oct 23, 2018Updated 7 years ago
- A VBA implementation of the RunPE technique or how to bypass application whitelisting.☆812Dec 17, 2019Updated 6 years ago
- This project demonstares an illegal read- and write- access to the kernel-mode data for both allocated by 3rd party drivers and EPROCESS …☆13Mar 6, 2018Updated 7 years ago
- This is a simple driver with x64 inline assembly☆55Jun 26, 2020Updated 5 years ago
- A way to delete a locked file, or current running executable, on disk.☆616Nov 5, 2025Updated 3 months ago
- ☆84Aug 26, 2024Updated last year
- Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemo…☆127Jan 18, 2022Updated 4 years ago
- Original C Implementation of the Hell's Gate VX Technique☆1,161Jun 28, 2021Updated 4 years ago
- ☆826Dec 28, 2019Updated 6 years ago
- C# Reflective loader for unmanaged binaries.☆446Jan 25, 2023Updated 3 years ago
- RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …☆501Jan 25, 2022Updated 4 years ago
- Confirms the capability of Hardware-Accelerated Virtualization Technology.☆10Updated this week
- Obfuscate specific windows apis with different apis☆1,021Feb 21, 2021Updated 5 years ago
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆218Feb 20, 2023Updated 3 years ago
- Converts PE into a shellcode☆2,745Aug 30, 2025Updated 6 months ago
- Universal Unhooking☆326Sep 19, 2018Updated 7 years ago
- Execute an arbitrary command within the context of another process☆21Jun 28, 2019Updated 6 years ago
- It stinks☆105Apr 22, 2022Updated 3 years ago
- A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.☆722Aug 5, 2020Updated 5 years ago
- Shellcode Compiler☆1,149Sep 1, 2024Updated last year
- A quick-and-dirty anti-hook library proof of concept.☆105Aug 29, 2018Updated 7 years ago
- Evasive shellcode loader for bypassing event-based injection detection (PoC)☆824Aug 23, 2021Updated 4 years ago
- 💉 DLL/Shellcode injection techniques☆716Mar 26, 2019Updated 6 years ago
- An improvement of the original reflective DLL injection technique by Stephen Fewer of Harmony Security☆341Jul 30, 2017Updated 8 years ago
- Red Team C code repo☆568Dec 16, 2024Updated last year
- Get your data from the resource section manually, with no need for windows apis☆67Oct 22, 2024Updated last year
- Phantom DLL hollowing PoC☆370May 23, 2022Updated 3 years ago
- An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting…☆1,092Jun 17, 2022Updated 3 years ago
- LoadLibrary for offensive operations☆1,174Oct 22, 2021Updated 4 years ago
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …☆263Apr 29, 2023Updated 2 years ago
- A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl☆1,330Oct 31, 2025Updated 4 months ago
- ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports pay…☆229Mar 22, 2023Updated 2 years ago
- Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)☆824Mar 10, 2022Updated 3 years ago
- An example of PE hollowing injection technique☆25Jun 28, 2019Updated 6 years ago
- A memory scanning evasion technique☆899May 24, 2017Updated 8 years ago
- An extensible framework for easily writing compiler optimized position independent x86 / x64 shellcode for windows platforms.☆533Jul 2, 2025Updated 7 months ago
- ☆170Jan 7, 2022Updated 4 years ago