Three Tiny Examples of Directly Using Vista's NtCreateUserProcess
☆89Nov 9, 2015Updated 10 years ago
Alternatives and similar repositories for createuserprocess
Users that are interested in createuserprocess are comparing it to the libraries listed below
Sorting:
- ☆13Jan 21, 2019Updated 7 years ago
- A working version of this tutorial: https://docs.microsoft.com/en-us/windows/desktop/rpc/tutorial☆16Jun 22, 2019Updated 6 years ago
- Windows 10 UAC bypass PoC using LaunchInfSection☆35Aug 3, 2018Updated 7 years ago
- A POC for Windows Extension Host hooking☆24Jul 13, 2019Updated 6 years ago
- ☆24Jul 24, 2020Updated 5 years ago
- ☆108Sep 24, 2018Updated 7 years ago
- HAXM hypervisor client☆18Nov 30, 2018Updated 7 years ago
- Minimal PoC developed as discuss in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html☆144May 10, 2022Updated 3 years ago
- ☆12Aug 2, 2017Updated 8 years ago
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL☆146Feb 23, 2019Updated 7 years ago
- Create a C++ PE which loads an XTEA-crypted .NET PE shellcode in memory.☆17Sep 29, 2018Updated 7 years ago
- Process Doppelgänging☆162Dec 19, 2017Updated 8 years ago
- Import library generator for x86 PE files☆59Apr 8, 2019Updated 6 years ago
- AllMemPro☆46Jan 15, 2018Updated 8 years ago
- ☆12Dec 15, 2016Updated 9 years ago
- Windows PE - TLS (Thread Local Storage) Injector in C/C++☆108Jan 3, 2021Updated 5 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆110Apr 24, 2020Updated 5 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs☆104May 14, 2020Updated 5 years ago
- NINA: No Injection, No Allocation x64 Process Injection Technique☆227Jun 9, 2020Updated 5 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆240Nov 6, 2019Updated 6 years ago
- The Network project is a C++ encapsulation of WinSock2 to form a lightweight network library; The Graphics project is a C++ encapsulation…☆13Oct 31, 2017Updated 8 years ago
- Run Processes as PPL with ELAM☆177Mar 17, 2022Updated 3 years ago
- PoC to demonstrate how CLR ETW events can be tampered.☆192Mar 26, 2020Updated 5 years ago
- A sample on how to inject a DLL from a kernel driver☆61Sep 13, 2016Updated 9 years ago
- The project is a demo solution for one of the anti-rootkit techniques aimed on overcoming splicers☆34Mar 13, 2017Updated 8 years ago
- Obfuscate specific windows apis with different apis☆1,021Feb 21, 2021Updated 5 years ago
- Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread and spoof the Parent Process.☆158Jun 10, 2019Updated 6 years ago
- A modern c++ implementation of windows heavens gate☆245Sep 19, 2020Updated 5 years ago
- Windows device tree walker☆15Sep 19, 2018Updated 7 years ago
- Stealthy Injector that leverages a vulnerable driver and other exploits to remain undetected☆37Dec 10, 2018Updated 7 years ago
- An example of how a driver can register a handle creation callback.☆16Jun 12, 2023Updated 2 years ago
- My implementation of enSilo's Process Doppelganging (PE injection technique)☆638Aug 30, 2022Updated 3 years ago
- Headers for linking your software with ntdll.dll☆15Nov 4, 2020Updated 5 years ago
- Debugger extension for the Debugging Tools for Windows (WinDbg, KD, CDB, NTSD).☆69Nov 14, 2016Updated 9 years ago
- Silence EDRs by removing kernel callbacks☆239Dec 7, 2020Updated 5 years ago
- User-mode hook bypassing method☆33Aug 26, 2016Updated 9 years ago
- User-mode part of Zerokit platform☆22Mar 30, 2019Updated 6 years ago
- ☆170Jan 7, 2022Updated 4 years ago
- X86 version of syswhispers2 / x86 direct system call☆330Jan 28, 2021Updated 5 years ago