NtRaiseHardError / AntiHook
PoC designed to evade userland-hooking anti-virus.
☆85Updated 5 years ago
Related projects ⓘ
Alternatives and complementary repositories for AntiHook
- Simple 32/64-bit PEs loader.☆135Updated 5 years ago
- PoC for detecting and dumping code injection (built and extended on UnRunPE)☆54Updated 6 years ago
- Protects deletion of files with a specified extension using a kernel-mode driver.☆73Updated 6 years ago
- Process Doppelgänging☆154Updated 6 years ago
- Process Hollowing for 32 bit and 64 bit☆80Updated 7 years ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆68Updated 5 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆92Updated 5 years ago
- Analyze and attack windows applications using dll hijacking vulnerabilities☆55Updated 5 years ago
- NINA: No Injection, No Allocation x64 Process Injection Technique☆196Updated 4 years ago
- Process reimaging proof of concept code☆95Updated 5 years ago
- C++☆79Updated 8 years ago
- APC DLL Injector with NtQueueApcThread and wake up thread support☆44Updated 7 years ago
- a program to detect reflective dll injection on a live machine☆74Updated 8 years ago
- Windows API Hashes used in the malwares☆40Updated 9 years ago
- Windows Drivers☆95Updated 5 years ago
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell.☆69Updated 3 years ago
- Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years.☆63Updated 6 years ago
- Parser for a custom executable format from Hidden Bee malware (first stage)☆39Updated 2 months ago
- Use NT Native Registry API to create a registry that normal user can not query.☆53Updated 6 years ago
- ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports pay…☆216Updated last year
- File system minifilter driver for Windows to block symbolic link attacks.☆51Updated 3 years ago
- A process overwriting its own PEB to make an illusion that it has been loaded from a different path.☆92Updated 3 years ago
- PoC for detecting and dumping process hollowing code injection☆50Updated 6 years ago
- Reflective PE loader for DLL injection☆167Updated 7 years ago
- PoC for hiding PE exports☆65Updated 3 years ago
- Fileless persistence, attacks and anti-forensic capabilties.☆87Updated 5 years ago
- ☆49Updated 4 years ago