NtRaiseHardError / AntiHook
PoC designed to evade userland-hooking anti-virus.
☆88Updated 5 years ago
Alternatives and similar repositories for AntiHook:
Users that are interested in AntiHook are comparing it to the libraries listed below
- PoC for detecting and dumping code injection (built and extended on UnRunPE)☆56Updated 6 years ago
- Process Doppelgänging☆156Updated 7 years ago
- Protects deletion of files with a specified extension using a kernel-mode driver.☆75Updated 6 years ago
- Simple 32/64-bit PEs loader.☆136Updated 6 years ago
- Use NT Native Registry API to create a registry that normal user can not query.☆57Updated 7 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs☆104Updated 4 years ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆68Updated 5 years ago
- A process overwriting its own PEB to make an illusion that it has been loaded from a different path.☆93Updated 3 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆93Updated 5 years ago
- Analyze and attack windows applications using dll hijacking vulnerabilities☆56Updated 5 years ago
- PoC for detecting and dumping process hollowing code injection☆51Updated 6 years ago
- NINA: No Injection, No Allocation x64 Process Injection Technique☆195Updated 4 years ago
- C++☆80Updated 8 years ago
- APC DLL Injector with NtQueueApcThread and wake up thread support☆42Updated 7 years ago
- A ready-made template for a project based on libpeconv.☆43Updated 3 months ago
- Process reimaging proof of concept code☆95Updated 5 years ago
- Process Hollowing for 32 bit and 64 bit☆81Updated 7 years ago
- A utility to use the usermode shellcode from the DOUBLEPULSAR payload to reflectively load an arbitrary DLL into another process, for use…☆117Updated 7 years ago
- Fileless persistence, attacks and anti-forensic capabilties.☆90Updated 6 years ago
- A minimal tool to extract shellcode from 64-bit PE binaries.☆50Updated 3 years ago
- https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/☆118Updated 5 years ago
- Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread and spoof the Parent Process.☆156Updated 5 years ago
- Load a Windows Kernel Driver☆91Updated 7 years ago
- A proof-of-concept subject interface package (SIP) used to demonstrate digital signature subversion attacks.☆95Updated 7 years ago
- Bare template for a Kernel Mode Driver☆51Updated 4 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆53Updated 5 years ago
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell.☆72Updated 3 years ago
- Windows Drivers☆97Updated 5 years ago
- Slui File Handler Hijack UAC Bypass Local Privilege Escalation☆89Updated 2 years ago
- ☆56Updated 10 years ago