NtRaiseHardError / AntiHook

Related projects ⓘ

Alternatives and complementary repositories for AntiHook

• 86hh / DreamLoader
  Simple 32/64-bit PEs loader.
  ☆135Updated 5 years ago
• NtRaiseHardError / Dreadnought
  PoC for detecting and dumping code injection (built and extended on UnRunPE)
  ☆54Updated 6 years ago
• NtRaiseHardError / Anti-Delete
  Protects deletion of files with a specified extension using a kernel-mode driver.
  ☆73Updated 6 years ago
• 3gstudent / Inject-dll-by-Process-Doppelganging
  Process Doppelgänging
  ☆154Updated 6 years ago
• idan1288 / ProcessHollowing32-64
  Process Hollowing for 32 bit and 64 bit
  ☆80Updated 7 years ago
• hoangprod / DanSpecial
  Weaponizing Gigabyte driver for priv escalation and bypass PPL
  ☆68Updated 5 years ago
• jackullrich / TRunPE
  A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…
  ☆92Updated 5 years ago
• JKornev / hijacken
  Analyze and attack windows applications using dll hijacking vulnerabilities
  ☆55Updated 5 years ago
• NtRaiseHardError / NINA
  NINA: No Injection, No Allocation x64 Process Injection Technique
  ☆196Updated 4 years ago
• djhohnstein / ProcessReimaging
  Process reimaging proof of concept code
  ☆95Updated 5 years ago
• killswitch-GUI / HotLoad-Driver
  C++
  ☆79Updated 8 years ago
• uvbs / NT-APC-Injector
  APC DLL Injector with NtQueueApcThread and wake up thread support
  ☆44Updated 7 years ago
• papadp / reflective-injection-detection
  a program to detect reflective dll injection on a live machine
  ☆74Updated 8 years ago
• hidd3ncod3s / WindowsAPIhash
  Windows API Hashes used in the malwares
  ☆40Updated 9 years ago
• SouhailHammou / Drivers
  Windows Drivers
  ☆95Updated 5 years ago
• DanielAvinoam / TheSubZeroProject
  A multi-staged malware that contains a kernel mode rootkit and a remote system shell.
  ☆69Updated 3 years ago
• t3rabyt3-zz / Gozi
  Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years.
  ☆63Updated 6 years ago
• hasherezade / hidden_bee_tools
  Parser for a custom executable format from Hidden Bee malware (first stage)
  ☆39Updated 2 months ago
• 3gstudent / HiddenNtRegistry
  Use NT Native Registry API to create a registry that normal user can not query.
  ☆53Updated 6 years ago
• hasherezade / chimera_pe
  ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports pay…
  ☆216Updated last year
• sgabe / SymlinkProtect
  File system minifilter driver for Windows to block symbolic link attacks.
  ☆51Updated 3 years ago
• hasherezade / process_chameleon
  A process overwriting its own PEB to make an illusion that it has been loaded from a different path.
  ☆92Updated 3 years ago
• NtRaiseHardError / UnRunPE
  PoC for detecting and dumping process hollowing code injection
  ☆50Updated 6 years ago
• BenjaminSoelberg / ReflectivePELoader
  Reflective PE loader for DLL injection
  ☆167Updated 7 years ago
• redplait / pexphide
  PoC for hiding PE exports
  ☆65Updated 3 years ago
• NtRaiseHardError / Kaiser
  Fileless persistence, attacks and anti-forensic capabilties.
  ☆87Updated 5 years ago
• Truneski / WindowsKernelProgramming-Exercises
  ☆49Updated 4 years ago