PorLaCola25/PPID-Spoofing external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

PorLaCola25/PPID-Spoofing

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/PorLaCola25/PPID-Spoofing)

Close

PorLaCola25 / PPID-SpoofingView on GitHubMore

• External links
• Readme badge

POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritting ntdll:LdrInitializeThunk with shellcode.

☆42Sep 23, 2021Updated 4 years ago

Alternatives and similar repositories for PPID-Spoofing

Users that are interested in PPID-Spoofing are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• passthehashbrowns / DInvokeProcessHollowing

  View on GitHub
  ☆31Aug 23, 2020Updated 5 years ago
• trustedsec / inProc_Evade_Get-InjectedThread

  View on GitHub
  PoC code from blog
  ☆17Mar 10, 2020Updated 6 years ago
• Kara-4search / MappingInjection_CSharp

  View on GitHub
  MappingInjection via csharp
  ☆39Nov 19, 2021Updated 4 years ago
• Kara-4search / NewNtdllBypassInlineHook_CSharp

  View on GitHub
  Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.
  ☆62Sep 6, 2021Updated 4 years ago
• rbmm / SDD2

  View on GitHub
  Self delete DLL (2)
  ☆14Feb 15, 2024Updated 2 years ago
• Serverless GPU API endpoints on Runpod - Get Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• paranoidninja / PIC-Get-Privileges

  View on GitHub
  Building and Executing Position Independent Shellcode from Object Files in Memory
  ☆172Jan 30, 2021Updated 5 years ago
• mobdk / Upsilon

  View on GitHub
  Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
  ☆91Aug 26, 2021Updated 4 years ago
• boku7 / x64win-AddRdpAdminShellcode

  View on GitHub
  64bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups Administrators & "Remote Desktop Users"
  ☆39May 3, 2021Updated 5 years ago
• cbwang505 / AppContainerBypass

  View on GitHub
  AppContainerBypass
  ☆21Apr 4, 2021Updated 5 years ago
• trickster0 / CReadMemory

  View on GitHub
  Read Memory without ReadProcessMemory for Current Process
  ☆92Feb 13, 2022Updated 4 years ago
• Mantraufo / Kanoninjector

  View on GitHub
  Runpe + DInvoke + Syscall
  ☆15Jun 18, 2021Updated 5 years ago
• D0Gshuang / ShellcodeLoader_stager

  View on GitHub
  ☆20Aug 10, 2022Updated 3 years ago
• RixedLabs / IDLE-Abuse

  View on GitHub
  A method to execute shellcode using RegisterWaitForInputIdle API.
  ☆55Apr 4, 2023Updated 3 years ago
• Snowming04 / InjectProcess

  View on GitHub
  寻找可注入进程
  ☆13Jul 16, 2020Updated 5 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• mrexodia / IATFaker

  View on GitHub
  Small project to generate fake DLLs based on an executable's import table
  ☆26May 31, 2026Updated 2 weeks ago
• Peribunt / Ret-Spoofing

  View on GitHub
  A minimalistic way to spoof return addresses without using exceptions
  ☆19Jul 26, 2022Updated 3 years ago
• Kara-4search / DInvoke_shellcodeload_CSharp

  View on GitHub
  ShellCodeLoader via DInvoke
  ☆59Jul 5, 2021Updated 4 years ago
• oXis / DoublePulsarPayload

  View on GitHub
  C++ implementation of DOUBLEPULSAR usermode shellcode. Yet another Reflective DLL loader.
  ☆30Nov 9, 2021Updated 4 years ago
• Gr1mmie / SharpShellCodeObfus

  View on GitHub
  Caeser Cipher your shellcode!
  ☆21Mar 11, 2022Updated 4 years ago
• Snowming04 / inject_shellcode_message_hook

  View on GitHub
  inject shellcode into remote process via message hook
  ☆15Oct 28, 2020Updated 5 years ago
• rsmudge / CVE-2020-0796-BOF

  View on GitHub
  ☆70Sep 17, 2020Updated 5 years ago
• connormcgarr / cThreadHijack

  View on GitHub
  Beacon Object File (BOF) for remote process injection via thread hijacking
  ☆223Jan 13, 2021Updated 5 years ago
• timwhitez / Doge-BlockDLLs

  View on GitHub
  Preventing 3rd Party DLLs from Injecting into your Malware
  ☆25Aug 31, 2021Updated 4 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• decay88 / WinXRunPE-x86_x64

  View on GitHub
  Two C# RunPE's capable of x86 and x64 injections
  ☆11Dec 2, 2018Updated 7 years ago
• hackfye / Misery

  View on GitHub
  Misery Loader to bypass modern EDR solutions
  ☆19Dec 20, 2024Updated last year
• mgeeky / unhook-bof

  View on GitHub
  Remove API hooks from a Beacon process.
  ☆14Sep 18, 2021Updated 4 years ago
• zu1k / beacon_hook_bypass_memscan

  View on GitHub
  works but not work, cao!
  ☆24Sep 4, 2021Updated 4 years ago
• outflanknl / InlineWhispers

  View on GitHub
  Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)
  ☆320Nov 9, 2021Updated 4 years ago
• w1u0u1 / minidump

  View on GitHub
  Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemo…
  ☆127Jan 18, 2022Updated 4 years ago
• boom-cr3 / NotifyRoutineHijackThread

  View on GitHub
  Hijack NotifyRoutine for a kernelmode thread
  ☆40Jun 4, 2022Updated 4 years ago
• audibleblink / xordump

  View on GitHub
  ☆17Aug 15, 2021Updated 4 years ago
• Kara-4search / PEB-PPIDspoofing_Csharp

  View on GitHub
  Command line & PPID spoofing
  ☆30Apr 15, 2023Updated 3 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• alfarom256 / UserVAtoPhysical

  View on GitHub
  Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address
  ☆23Nov 22, 2021Updated 4 years ago
• rxwx / cs-rdll-ipc-example

  View on GitHub
  Example code for using named pipe output with beacon ReflectiveDLLs
  ☆122Jun 24, 2020Updated 5 years ago
• lawiet47 / STFUEDR

  View on GitHub
  Silence EDRs by removing kernel callbacks
  ☆240Dec 7, 2020Updated 5 years ago
• boku7 / HellsGatePPID

  View on GitHub
  Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process
  ☆106Mar 8, 2023Updated 3 years ago
• NtRaiseHardError / NINA

  View on GitHub
  NINA: No Injection, No Allocation x64 Process Injection Technique
  ☆225Jun 9, 2020Updated 6 years ago
• Baron-von-Riedesel / ComView

  View on GitHub
  Win32 tool that allows to play with COM objects ( create objects of classes, call methods, set/get properties ). Can also create assembly…
  ☆18May 19, 2022Updated 4 years ago
• Paulo-D2000 / ShellCodeObfuscator

  View on GitHub
  Simple shellcode obfuscator using PYTHON and C / C++
  ☆75Jun 17, 2020Updated 6 years ago