NotokDay / NTProcessInjector

Related projects: ⓘ

• BlackHat-Ashura / Process_Ghosting
  Process Ghosting is a technique in which a process is created from a delete pending file. This means the created process is not backed by…
  ☆14Updated 4 months ago
• rbmm / Hollowed-Process
  ☆24Updated 5 months ago
• AlSch092 / HideStaticReferences
  Research into removing strings & API call references at compile-time (Anti-Analysis)
  ☆22Updated 3 months ago
• a7t0fwa7 / SymProcSleuth
  A pure C version of SymProcAddress
  ☆23Updated 6 months ago
• rad9800 / BloatedHammer
  API Hammering with C++20
  ☆34Updated 2 years ago
• Faran-17 / Hellshazzard
  Indirect Syscall implementation to bypass userland NTAPIs hooking.
  ☆52Updated last month
• joe-desimone / rep-research
  ☆62Updated last month
• vatsalgupta67 / Process-Hollowing
  Red Team Operation's Defense Evasion Technique.
  ☆50Updated 3 months ago
• ScriptIdiot / SysmonQuiet
  RDLL for Cobalt Strike beacon to silence sysmon process
  ☆85Updated 2 years ago
• xalicex / Unhook-Import-Address-Table
  Piece of code to detect and remove hooks in IAT
  ☆51Updated 2 years ago
• cpu0x00 / EternelSuspention
  a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless
  ☆39Updated 2 months ago
• APT64 / KernelAVKiller
  Antivirus killer using ring-0 kernel driver. Antivirus processes will automatically close while the killer is running.
  ☆6Updated last year
• fin3ss3g0d / HookFinder
  Simple PoC to locate hooked functions by EDR in ntdll.dll
  ☆31Updated last year
• Helixo32 / DetectHooks
  Detect userland hooks placed by AV/EDR
  ☆27Updated last year
• GetRektBoy724 / SyscallShuffler
  Your NTDLL vaccine from modern direct syscall methods.
  ☆35Updated 2 years ago
• rbmm / ARL
  ☆22Updated 3 months ago
• b4rth0v5k1 / EarlyBirdNTDLL
  ☆33Updated last year
• peiga / DumpThatLSASS
  Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk , plus functions and strings obfuscation
  ☆29Updated last year
• MMitsuha / Tajimari
  the Open Source and Pure C++ Packer for eXecutables
  ☆18Updated last year
• dosxuz / PerunsFart
  This is my own implementation of the Perun's Fart technique by Sektor7
  ☆64Updated 2 years ago
• Bl4ckM1rror / PEAs
  ☆57Updated 9 months ago
• NUL0x4C / W0wS3cur1tyEDR
  ☆50Updated this week
• inb1ts / birdnet-poc
  Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.
  ☆37Updated last year
• rtfmkiesel / loldrivers-client
  Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io
  ☆77Updated 7 months ago
• jsecurity101 / MSFT_DriverBlockList
  Repository of Microsoft Driver Block Lists based off of OS-builds
  ☆38Updated 5 months ago
• RedSiege / Chromatophore
  Utilities for obfuscating shellcode
  ☆38Updated 2 months ago
• aaaddress1 / ntkrnlProtectScan
  One Click Tool to Scan All the Enabled Protection of current Windows NT Kernel
  ☆43Updated 11 months ago
• MaorSabag / SideLoadingDLL
  Do some DLL SideLoading magic
  ☆72Updated last year
• rbmm / SDD
  Self Delete DLL
  ☆23Updated 7 months ago
• tijme / conferences
  Some of the presentations, workshops, and labs I gave at public conferences.
  ☆21Updated last week