Various Process Injection Techniques
☆165Jun 14, 2022Updated 3 years ago
Alternatives and similar repositories for Process-Injection-Techniques
Users that are interested in Process-Injection-Techniques are comparing it to the libraries listed below
Sorting:
- Windows API Call Obfuscation☆112Dec 9, 2022Updated 3 years ago
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- ☆58Dec 20, 2023Updated 2 years ago
- Hijack NotifyRoutine for a kernelmode thread☆41Jun 4, 2022Updated 3 years ago
- Archive R/W into any protected process by changing the value of KTHREAD->PreviousMode☆163Jul 31, 2022Updated 3 years ago
- Anti-Analysis technique, trick the debugger by Hiding events from it.☆20Sep 6, 2021Updated 4 years ago
- Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executabl…☆387Jan 29, 2022Updated 4 years ago
- ☆136Aug 6, 2022Updated 3 years ago
- A simple present scene, kernel allocation injector.☆27Jun 12, 2022Updated 3 years ago
- Sleep Obfuscation☆817Dec 3, 2023Updated 2 years ago
- hidden_syscall - syscaller without using syscall instruction in code☆63Jan 23, 2023Updated 3 years ago
- Stealing signatures from pe files☆15Apr 1, 2025Updated 11 months ago
- Load Encrypted Dll Using LoadLibraryA, Keep The Dll Encrypted on disc all the time and decrypt it only in memory.☆23Sep 5, 2021Updated 4 years ago
- ☆22Aug 11, 2021Updated 4 years ago
- Drawing from kernelmode without any hooks☆174Jul 7, 2022Updated 3 years ago
- base for testing☆187Sep 28, 2024Updated last year
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆557Apr 8, 2025Updated 10 months ago
- ☆118Aug 7, 2022Updated 3 years ago
- ☆14Nov 29, 2021Updated 4 years ago
- ☆18Jul 4, 2019Updated 6 years ago
- Runs programs as TrustedInstaller☆49Jul 1, 2019Updated 6 years ago
- TartarusGate, Bypassing EDRs☆653Jan 25, 2022Updated 4 years ago
- ☆38Nov 30, 2022Updated 3 years ago
- ☆274Jan 14, 2023Updated 3 years ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆411Jan 11, 2026Updated last month
- PoC Implementation of a fully dynamic call stack spoofer☆922Jul 20, 2024Updated last year
- Old way for blocking NMI interrupts☆29Sep 6, 2022Updated 3 years ago
- ☆101Oct 7, 2023Updated 2 years ago
- Some drivers I've written while solving exercises from Practical Reverse Engineering☆15Jan 9, 2022Updated 4 years ago
- ☆158May 21, 2024Updated last year
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…☆684Mar 11, 2024Updated last year
- Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.☆385Aug 8, 2021Updated 4 years ago
- Code used in this post https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html☆144Apr 21, 2022Updated 3 years ago
- Manual DLL Injector using Thread Hijacking.☆241Nov 24, 2017Updated 8 years ago
- A kernelmode driver swapping a .data pointer in the kernel to perform communication between the kernel and usermode.☆142Oct 20, 2020Updated 5 years ago
- A minimalistic way to spoof return addresses without using exceptions☆17Jul 26, 2022Updated 3 years ago
- ⚙️ Map and execute EXE in memory☆12Dec 23, 2022Updated 3 years ago
- eac memory sig maker☆14Jun 10, 2021Updated 4 years ago
- clearing traces of a loaded driver☆47Jul 2, 2022Updated 3 years ago