PaddyCahil / windows-api-function-cheatsheets
A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization, interprocess communication, Unicode string manipulation, error handling, Winsock networking operations, and registry operations.
☆92 · Updated last year
Alternatives and similar repositories for windows-api-function-cheatsheets:
Users that are interested in windows-api-function-cheatsheets are comparing it to the libraries listed below
- Just a simple silly PoC demonstrating executable "exe" file that can be used like exe, dll or shellcode... ☆155 · Updated 6 months ago
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac… ☆208 · Updated 5 months ago
- Windows rootkit designed to work with BYOVD exploits ☆173 · Updated 2 months ago
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls ☆180 · Updated last year
- Windows Persistence IT-Security ☆93 · Updated 3 weeks ago
- Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids) ☆142 · Updated last year
- Sleep obfuscation ☆210 · Updated 3 months ago
- This repository implements Threadless Injection in C ☆161 · Updated last year
- A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and … ☆267 · Updated 3 weeks ago
- Template-based generation of shellcode loaders ☆76 · Updated 11 months ago
- This comprehensive and central repository is designed for cybersecurity enthusiasts, researchers, and professionals seeking to stay ahead… ☆111 · Updated 2 months ago
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region. ☆280 · Updated 10 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆244 · Updated 8 months ago
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak ☆203 · Updated 2 years ago
- Weaponized HellsGate/SigFlip ☆198 · Updated last year
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption. ☆90 · Updated 9 months ago
- A 64-bit, position-independent code reverse TCP shell for Windows — built in Rust. ☆62 · Updated 2 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls. ☆335 · Updated last month
- A simple Sleepmask BOF example ☆93 · Updated 6 months ago
- A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress. ☆72 · Updated last year
- A POC to disable TamperProtection and other Defender / MDE components ☆203 · Updated 9 months ago
- Proof of concept code for thread pool based process injection in Windows. ☆115 · Updated this week
- Activation cache poisoning to elevate from medium to high integrity (CVE-2024-6769) ☆64 · Updated 6 months ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows. ☆106 · Updated 6 months ago
- Nameless C2 - A C2 with all its components written in Rust ☆262 · Updated 6 months ago
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM". ☆78 · Updated last year
- TeamViewer User to Kernel Elevation of Privilege PoC. CVE-2024-7479 and CVE-2024-7481. ZDI-24-1289 and ZDI-24-1290. TV-2024-1006. ☆136 · Updated 3 months ago