LloydLabs/process-enumeration-stealth external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

LloydLabs/process-enumeration-stealth

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/LloydLabs/process-enumeration-stealth)

Close

LloydLabs / process-enumeration-stealthView on GitHubMore

• External links
• Readme badge

☆84Aug 26, 2024Updated last year

Alternatives and similar repositories for process-enumeration-stealth

Users that are interested in process-enumeration-stealth are comparing it to the libraries listed below

• alfarom256 / StinkyLoader

  View on GitHub
  It stinks
  ☆105Apr 22, 2022Updated 3 years ago
• LloydLabs / dearg-thread-ipc-stealth

  View on GitHub
  A novel technique to communicate between threads using the standard ETHREAD structure
  ☆116Feb 27, 2021Updated 5 years ago
• w1u0u1 / minidump

  View on GitHub
  Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemo…
  ☆127Jan 18, 2022Updated 4 years ago
• zimnyaa / inmembof.py

  View on GitHub
  A small example of loading BOFs in Python with pure reflection
  ☆19Jan 26, 2023Updated 3 years ago
• AvivShabtay / OffensiveWinAPI

  View on GitHub
  My experience using Windows API for offensive purposes
  ☆17Jul 10, 2021Updated 4 years ago
• fin3ss3g0d / IoDllProxyLoad

  View on GitHub
  DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly
  ☆63Mar 19, 2024Updated last year
• outflanknl / FindObjects-BOF

  View on GitHub
  A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro…
  ☆275May 3, 2023Updated 2 years ago
• frkngksl / Celeborn

  View on GitHub
  Userland API Unhooker Project
  ☆111Jun 14, 2021Updated 4 years ago
• lap1nou / CLR_Heap_encryption

  View on GitHub
  ☆101Oct 7, 2023Updated 2 years ago
• FalconForceTeam / SysWhispers2BOF

  View on GitHub
  Script to use SysWhispers2 direct system calls from Cobalt Strike BOFs
  ☆125May 24, 2022Updated 3 years ago
• Cracked5pider / CodeCave

  View on GitHub
  A bunch of scripts and code i wrote.
  ☆149Nov 7, 2024Updated last year
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆283Sep 18, 2024Updated last year
• redplait / pexphide

  View on GitHub
  PoC for hiding PE exports
  ☆67Dec 19, 2020Updated 5 years ago
• NtRaiseHardError / NINA

  View on GitHub
  NINA: No Injection, No Allocation x64 Process Injection Technique
  ☆227Jun 9, 2020Updated 5 years ago
• reevesrs24 / EvasiveProcessHollowing

  View on GitHub
  Evasive Process Hollowing Techniques
  ☆142Aug 16, 2020Updated 5 years ago
• LloydLabs / delete-self-poc

  View on GitHub
  A way to delete a locked file, or current running executable, on disk.
  ☆616Nov 5, 2025Updated 3 months ago
• Cracked5pider / CoffeeLdr

  View on GitHub
  Beacon Object File Loader
  ☆293Dec 3, 2023Updated 2 years ago
• rbmm / SDD

  View on GitHub
  Self Delete DLL
  ☆23Feb 15, 2024Updated 2 years ago
• passthehashbrowns / hook-integrity-checks

  View on GitHub
  ☆23May 28, 2021Updated 4 years ago
• Adepts-Of-0xCC / SnoopyOwl

  View on GitHub
  ☆48May 12, 2021Updated 4 years ago
• boku7 / HOLLOW

  View on GitHub
  EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and e…
  ☆291Mar 8, 2023Updated 2 years ago
• rad9800 / hwbp4mw

  View on GitHub
  ☆274Jan 14, 2023Updated 3 years ago
• paranoidninja / PIC-Get-Privileges

  View on GitHub
  Building and Executing Position Independent Shellcode from Object Files in Memory
  ☆167Jan 30, 2021Updated 5 years ago
• hlldz / misc

  View on GitHub
  miscellaneous codes
  ☆36Sep 24, 2023Updated 2 years ago
• hasherezade / transacted_hollowing

  View on GitHub
  Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
  ☆580Mar 8, 2024Updated last year
• fortra / hw-call-stack

  View on GitHub
  Use hardware breakpoints to spoof the call stack for both syscalls and API calls
  ☆203Jun 6, 2024Updated last year
• Henkru / cs-token-vault

  View on GitHub
  In-memory token vault BOF for Cobalt Strike
  ☆149Aug 18, 2022Updated 3 years ago
• susMdT / effective-waffle

  View on GitHub
  yet another sleep encryption thing. also used the default github repo name for this one.
  ☆69May 11, 2023Updated 2 years ago
• LloydLabs / ntqueueapcthreadex-ntdll-gadget-injection

  View on GitHub
  This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …
  ☆263Apr 29, 2023Updated 2 years ago
• susMdT / LoudSunRun

  View on GitHub
  Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
  ☆261Oct 16, 2024Updated last year
• whokilleddb / ETWListicle

  View on GitHub
  List the ETW provider(s) in the registration table of a process.
  ☆80Sep 20, 2023Updated 2 years ago
• Cracked5pider / KaynLdr

  View on GitHub
  KaynLdr is a Reflective Loader written in C/ASM
  ☆555Dec 3, 2023Updated 2 years ago
• hasherezade / process_ghosting

  View on GitHub
  Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…
  ☆684Mar 11, 2024Updated last year
• janoglezcampos / c_syscalls

  View on GitHub
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆140Sep 12, 2022Updated 3 years ago
• OtterHacker / CoffLoader

  View on GitHub
  ☆60Jan 9, 2023Updated 3 years ago
• rookuu / BOFs

  View on GitHub
  Collection of beacon object files for use with Cobalt Strike to facilitate 🐚.
  ☆185Feb 11, 2021Updated 5 years ago
• boku7 / halosgate-ps

  View on GitHub
  Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
  ☆108Mar 8, 2023Updated 2 years ago
• 0xpat / COFFInjector

  View on GitHub
  PoC MSVC COFF Object file loader/injector.
  ☆185Mar 19, 2021Updated 4 years ago
• xrombar / flower

  View on GitHub
  a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor
  ☆110Mar 25, 2024Updated last year