This is a simple example and explanation of obfuscating API resolution via hashing
☆237May 25, 2020Updated 5 years ago
Alternatives and similar repositories for Windows-API-Hashing
Users that are interested in Windows-API-Hashing are comparing it to the libraries listed below
Sorting:
- A more stealthy variant of "DLL hollowing"☆363Mar 8, 2024Updated 2 years ago
- hooking KiUserApcDispatcher☆27Apr 3, 2017Updated 8 years ago
- ☆84Aug 26, 2024Updated last year
- Confirms the capability of Hardware-Accelerated Virtualization Technology.☆10Feb 26, 2026Updated 3 weeks ago
- An example of PE hollowing injection technique☆25Jun 28, 2019Updated 6 years ago
- Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemo…☆127Jan 18, 2022Updated 4 years ago
- API hashing written in C to load APIs indirectly using CRC32 hashing☆15Jul 27, 2020Updated 5 years ago
- A VBA implementation of the RunPE technique or how to bypass application whitelisting.☆813Dec 17, 2019Updated 6 years ago
- Execute an arbitrary command within the context of another process☆21Jun 28, 2019Updated 6 years ago
- RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …☆500Jan 25, 2022Updated 4 years ago
- PoC for detecting and dumping code injection (built and extended on UnRunPE)☆58Oct 23, 2018Updated 7 years ago
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …☆263Apr 29, 2023Updated 2 years ago
- A way to delete a locked file, or current running executable, on disk.☆618Nov 5, 2025Updated 4 months ago
- ☆825Dec 28, 2019Updated 6 years ago
- This project demonstares an illegal read- and write- access to the kernel-mode data for both allocated by 3rd party drivers and EPROCESS …☆13Mar 6, 2018Updated 8 years ago
- This is a simple driver with x64 inline assembly☆55Jun 26, 2020Updated 5 years ago
- ☆170Jan 7, 2022Updated 4 years ago
- Universal Unhooking☆326Sep 19, 2018Updated 7 years ago
- Get your data from the resource section manually, with no need for windows apis☆67Oct 22, 2024Updated last year
- Original C Implementation of the Hell's Gate VX Technique☆1,170Jun 28, 2021Updated 4 years ago
- Converts PE into a shellcode☆2,752Aug 30, 2025Updated 6 months ago
- C# Reflective loader for unmanaged binaries.☆446Jan 25, 2023Updated 3 years ago
- Evasive shellcode loader for bypassing event-based injection detection (PoC)☆824Aug 23, 2021Updated 4 years ago
- Obfuscate specific windows apis with different apis☆1,022Feb 21, 2021Updated 5 years ago
- PoC to demonstrate how CLR ETW events can be tampered.☆192Mar 26, 2020Updated 5 years ago
- It stinks☆103Apr 22, 2022Updated 3 years ago
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆218Feb 20, 2023Updated 3 years ago
- ☆118Aug 7, 2022Updated 3 years ago
- A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl☆1,340Mar 7, 2026Updated 2 weeks ago
- Debugger checks in 3 ways☆19Jan 25, 2018Updated 8 years ago
- Phantom DLL hollowing PoC☆372May 23, 2022Updated 3 years ago
- Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique☆338Jan 16, 2022Updated 4 years ago
- 💉 DLL/Shellcode injection techniques☆715Mar 26, 2019Updated 6 years ago
- Remote PE reflective injection with a simple reflective loader☆32Jun 28, 2019Updated 6 years ago
- A C port of b33f's UrbanBishop☆38Oct 1, 2020Updated 5 years ago
- A memory scanning evasion technique☆901May 24, 2017Updated 8 years ago
- Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…☆596Jul 26, 2021Updated 4 years ago
- Mimikatz built as a static library.☆12Feb 9, 2022Updated 4 years ago
- An extensible framework for easily writing compiler optimized position independent x86 / x64 shellcode for windows platforms.☆534Jul 2, 2025Updated 8 months ago