☆84Aug 26, 2024Updated last year
Alternatives and similar repositories for process-enumeration-stealth
Users that are interested in process-enumeration-stealth are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A novel technique to communicate between threads using the standard ETHREAD structure☆116Feb 27, 2021Updated 5 years ago
- It stinks☆103Apr 22, 2022Updated 3 years ago
- Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemo…☆127Jan 18, 2022Updated 4 years ago
- A small example of loading BOFs in Python with pure reflection☆19Jan 26, 2023Updated 3 years ago
- My experience using Windows API for offensive purposes☆17Jul 10, 2021Updated 4 years ago
- ☆101Oct 7, 2023Updated 2 years ago
- ☆23May 28, 2021Updated 4 years ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- A way to delete a locked file, or current running executable, on disk.☆618Nov 5, 2025Updated 4 months ago
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …☆263Apr 29, 2023Updated 2 years ago
- Evasive Process Hollowing Techniques☆142Aug 16, 2020Updated 5 years ago
- List the ETW provider(s) in the registration table of a process.☆80Sep 20, 2023Updated 2 years ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆65Mar 19, 2024Updated 2 years ago
- A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro…☆275May 3, 2023Updated 2 years ago
- ☆50May 12, 2021Updated 4 years ago
- KaynLdr is a Reflective Loader written in C/ASM☆553Dec 3, 2023Updated 2 years ago
- NINA: No Injection, No Allocation x64 Process Injection Technique☆227Jun 9, 2020Updated 5 years ago
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging☆580Mar 8, 2024Updated 2 years ago
- credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege☆123May 22, 2021Updated 4 years ago
- PoC for hiding PE exports☆67Dec 19, 2020Updated 5 years ago
- Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs☆125May 24, 2022Updated 3 years ago
- A more stealthy variant of "DLL hollowing"☆363Mar 8, 2024Updated 2 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆203Jun 6, 2024Updated last year
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115May 21, 2023Updated 2 years ago
- Using fibers to run in-memory code.☆243Oct 19, 2023Updated 2 years ago
- Self Delete DLL☆22Feb 15, 2024Updated 2 years ago
- A bunch of scripts and code i wrote.☆149Nov 7, 2024Updated last year
- Building and Executing Position Independent Shellcode from Object Files in Memory☆168Jan 30, 2021Updated 5 years ago
- Beacon Object File Loader☆293Dec 3, 2023Updated 2 years ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆189Jan 17, 2026Updated 2 months ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…☆688Mar 11, 2024Updated 2 years ago
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven☆267Oct 16, 2024Updated last year
- miscellaneous codes☆36Sep 24, 2023Updated 2 years ago
- EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and e…☆290Mar 8, 2023Updated 3 years ago
- In-memory token vault BOF for Cobalt Strike☆149Aug 18, 2022Updated 3 years ago
- Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR☆158Jul 22, 2021Updated 4 years ago
- Load a dynamic library from memory by modifying the native Windows loader☆285Jun 18, 2025Updated 9 months ago
- Antivirus Emulator Fingerprints☆30Oct 12, 2018Updated 7 years ago
- PoC MSVC COFF Object file loader/injector.☆184Mar 19, 2021Updated 5 years ago