☆84Aug 26, 2024Updated last year
Alternatives and similar repositories for process-enumeration-stealth
Users that are interested in process-enumeration-stealth are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A novel technique to communicate between threads using the standard ETHREAD structure☆117Feb 27, 2021Updated 5 years ago
- It stinks☆103Apr 22, 2022Updated 4 years ago
- Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemo…☆127Jan 18, 2022Updated 4 years ago
- A small example of loading BOFs in Python with pure reflection☆19Jan 26, 2023Updated 3 years ago
- My experience using Windows API for offensive purposes☆17Jul 10, 2021Updated 4 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- ☆103Oct 7, 2023Updated 2 years ago
- ☆23May 28, 2021Updated 4 years ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆286Sep 18, 2024Updated last year
- A way to delete a locked file, or current running executable, on disk.☆620Nov 5, 2025Updated 6 months ago
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …☆267Apr 29, 2023Updated 3 years ago
- Evasive Process Hollowing Techniques☆142Aug 16, 2020Updated 5 years ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆66Mar 19, 2024Updated 2 years ago
- List the ETW provider(s) in the registration table of a process.☆82Sep 20, 2023Updated 2 years ago
- A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro…☆275May 3, 2023Updated 3 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- ☆49May 12, 2021Updated 5 years ago
- NINA: No Injection, No Allocation x64 Process Injection Technique☆226Jun 9, 2020Updated 5 years ago
- KaynLdr is a Reflective Loader written in C/ASM☆555Dec 3, 2023Updated 2 years ago
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging☆584Mar 8, 2024Updated 2 years ago
- credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege☆123May 22, 2021Updated 5 years ago
- PoC for hiding PE exports☆68Dec 19, 2020Updated 5 years ago
- Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs☆125May 24, 2022Updated 4 years ago
- A more stealthy variant of "DLL hollowing"☆366Mar 8, 2024Updated 2 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115May 21, 2023Updated 3 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆203Jun 6, 2024Updated last year
- Using fibers to run in-memory code.☆244Oct 19, 2023Updated 2 years ago
- Self Delete DLL☆22Feb 15, 2024Updated 2 years ago
- A bunch of scripts and code i wrote.☆150Nov 7, 2024Updated last year
- Beacon Object File Loader☆294Dec 3, 2023Updated 2 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memory☆170Jan 30, 2021Updated 5 years ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆192Jan 17, 2026Updated 4 months ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…☆694Mar 11, 2024Updated 2 years ago
- miscellaneous codes☆38Sep 24, 2023Updated 2 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven☆268Oct 16, 2024Updated last year
- EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and e…☆291Mar 8, 2023Updated 3 years ago
- In-memory token vault BOF for Cobalt Strike☆150Aug 18, 2022Updated 3 years ago
- Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR☆158Jul 22, 2021Updated 4 years ago
- Antivirus Emulator Fingerprints☆30Oct 12, 2018Updated 7 years ago
- Load a dynamic library from memory by modifying the native Windows loader☆301May 5, 2026Updated 2 weeks ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆141Sep 12, 2022Updated 3 years ago