Alternatives and similar repositories for NTProcessInjector

Users that are interested in NTProcessInjector are comparing it to the libraries listed below

• a7t0fwa7 / SymProcSleuth
  A pure C version of SymProcAddress
  ☆27Updated last year
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆42Updated 2 years ago
• rad9800 / BloatedHammer
  API Hammering with C++20
  ☆46Updated 2 years ago
• peiga / DumpThatLSASS
  Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk , plus functions and strings obfuscation
  ☆31Updated 2 years ago
• cpu0x00 / EternelSuspention
  a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless
  ☆38Updated 11 months ago
• SolomonSklash / COM-Hijacking
  An example of COM hijacking using a proxy DLL.
  ☆28Updated 3 years ago
• rbmm / Hollowed-Process
  ☆26Updated 4 months ago
• Bl4ckM1rror / PEAs
  ☆59Updated last year
• C5Hackr / c_syscalls
  https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.
  ☆31Updated last year
• vatsalgupta67 / Process-Hollowing
  Red Team Operation's Defense Evasion Technique.
  ☆53Updated last year
• Fitretech-Security / dylight
  macOS dylib stager
  ☆35Updated 5 months ago
• lem0nSec / Dsebler
  Reimplementation of the KExecDD DSE bypass technique.
  ☆49Updated 9 months ago
• AlSch092 / HideStaticReferences
  Research into removing strings & API call references at compile-time (Anti-Analysis)
  ☆27Updated last year
• CaptainNox / Hypnos
  A more reliable way of resolving syscall numbers in Windows
  ☆49Updated last year
• s4dbrd / ETWReader
  Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich
  ☆16Updated 11 months ago
• passthehashbrowns / suspendedunhook
  ☆39Updated 4 years ago
• rbmm / SC
  shell code example
  ☆49Updated last month
• BlackHat-Ashura / Process_Ghosting
  Process Ghosting is a technique in which a process is created from a delete pending file. This means the created process is not backed by…
  ☆14Updated last year
• maziland / StackBombing
  Next gen process injection technique
  ☆54Updated 4 years ago
• Slowerzs / CryptDecryptMemory
  ☆30Updated 6 months ago
• bluefrostsecurity / Windows-Drive-Remapping-EoP
  ☆31Updated last year
• dobin / ace-firefist
  Attack chain emulator. Write recipes for initial access easily
  ☆20Updated 4 months ago
• caueb / ThreadlessStompingKann
  Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.
  ☆61Updated last year
• GetRektBoy724 / SyscallShuffler
  Your NTDLL vaccine from modern direct syscall methods.
  ☆35Updated 3 years ago
• fin3ss3g0d / HookFinder
  Simple PoC to locate hooked functions by EDR in ntdll.dll
  ☆37Updated last year
• Helixo32 / DetectHooks
  Detect userland hooks placed by AV/EDR
  ☆27Updated last year
• MaorSabag / Paruns-Fart
  Just another ntdll unhooking using Parun's Fart technique
  ☆75Updated 2 years ago
• paranoidninja / BRC4-Seminar-Stage-I
  These are the slide decks and source code for Brute Ratel Seminar conducted on 24th August 2023. The youtube video for the seminar can be…
  ☆19Updated last year
• AlionGreen / apc-injection
  Process Injection: APC Injection
  ☆33Updated 4 years ago
• Faran-17 / Hellshazzard
  Indirect Syscall implementation to bypass userland NTAPIs hooking.
  ☆74Updated 10 months ago