POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritting ntdll:LdrInitializeThunk with shellcode.
☆41Sep 23, 2021Updated 4 years ago
Alternatives and similar repositories for PPID-Spoofing
Users that are interested in PPID-Spoofing are comparing it to the libraries listed below
Sorting:
- ☆31Aug 23, 2020Updated 5 years ago
- Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.☆62Sep 6, 2021Updated 4 years ago
- Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used�☆92Aug 26, 2021Updated 4 years ago
- MappingInjection via csharp☆40Nov 19, 2021Updated 4 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memory☆167Jan 30, 2021Updated 5 years ago
- ☆19Aug 10, 2022Updated 3 years ago
- AppContainerBypass☆21Apr 4, 2021Updated 4 years ago
- C++ implementation of DOUBLEPULSAR usermode shellcode. Yet another Reflective DLL loader.☆31Nov 9, 2021Updated 4 years ago
- A small PoC using DInvoke, dynamically mapping a DLL and executing Win32 APIs for process injection.☆10Dec 16, 2021Updated 4 years ago
- (Sim)ulate (Ba)zar Loader☆28Nov 15, 2020Updated 5 years ago
- ShellCodeLoader via DInvoke☆60Jul 5, 2021Updated 4 years ago
- ☆18Aug 15, 2021Updated 4 years ago
- A method to execute shellcode using RegisterWaitForInputIdle API.☆55Apr 4, 2023Updated 2 years ago
- Writing Your Own Ticket to the Cloud Like APT: A Deep-dive to AD FS Attacks, Detections, and Mitigations☆12Dec 9, 2022Updated 3 years ago
- 64bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups Administrators & "Remote Desktop Users"☆39May 3, 2021Updated 4 years ago
- works but not work, cao!☆24Sep 4, 2021Updated 4 years ago
- C# implementation of Shellcode delivery techniques using PInvoke and DInvoke variations for API calling.☆37Dec 20, 2021Updated 4 years ago
- Misery Loader to bypass modern EDR solutions☆18Dec 20, 2024Updated last year
- 寻找可注入进程☆13Jul 16, 2020Updated 5 years ago
- Runpe + DInvoke + Syscall��☆16Jun 18, 2021Updated 4 years ago
- Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemo…☆127Jan 18, 2022Updated 4 years ago
- Simple shellcode obfuscator using PYTHON and C / C++☆74Jun 17, 2020Updated 5 years ago
- Read Memory without ReadProcessMemory for Current Process☆92Feb 13, 2022Updated 4 years ago
- Beacon Object File (BOF) for remote process injection via thread hijacking☆220Jan 13, 2021Updated 5 years ago
- Remove API hooks from a Beacon process.☆14Sep 18, 2021Updated 4 years ago
- ☆71Sep 17, 2020Updated 5 years ago
- maldev obviously☆28May 5, 2025Updated 10 months ago
- Automated compiler obfuscation for nim☆139Jun 27, 2022Updated 3 years ago
- A minimalistic way to spoof return addresses without using exceptions☆18Jul 26, 2022Updated 3 years ago
- inject shellcode into remote process via message hook☆15Oct 28, 2020Updated 5 years ago
- AMSI detection PoC☆31Apr 14, 2020Updated 5 years ago
- Preventing 3rd Party DLLs from Injecting into your Malware☆25Aug 31, 2021Updated 4 years ago
- Bypass UAC at any level by abusing the Task Scheduler and environment variables☆35Jul 12, 2021Updated 4 years ago
- Section Mapping Process Injection modified with SysWhisper2 (sw2-secinject): Cobalt Strike BOF☆44Jun 23, 2022Updated 3 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆374May 24, 2022Updated 3 years ago
- cs4.0 cs 4.1 beacon加解密☆25Mar 29, 2021Updated 4 years ago
- NINA: No Injection, No Allocation x64 Process Injection Technique☆227Jun 9, 2020Updated 5 years ago
- Load .net assemblies from memory while having them appear to be loaded from an on-disk location.☆173May 5, 2021Updated 4 years ago
- x64 Assembly HalosGate direct System Caller to evade EDR UserLand hooks☆236Mar 8, 2023Updated 3 years ago