PorLaCola25/PPID-Spoofing external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

PorLaCola25/PPID-Spoofing

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/PorLaCola25/PPID-Spoofing)

Close

PorLaCola25 / PPID-SpoofingView on GitHubMore

• External links
• Readme badge

POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritting ntdll:LdrInitializeThunk with shellcode.

☆42Sep 23, 2021Updated 4 years ago

Alternatives and similar repositories for PPID-Spoofing

Users that are interested in PPID-Spoofing are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• passthehashbrowns / DInvokeProcessHollowing

  View on GitHub
  ☆31Aug 23, 2020Updated 5 years ago
• trustedsec / inProc_Evade_Get-InjectedThread

  View on GitHub
  PoC code from blog
  ☆16Mar 10, 2020Updated 6 years ago
• Kara-4search / MappingInjection_CSharp

  View on GitHub
  MappingInjection via csharp
  ☆40Nov 19, 2021Updated 4 years ago
• Kara-4search / NewNtdllBypassInlineHook_CSharp

  View on GitHub
  Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.
  ☆62Sep 6, 2021Updated 4 years ago
• paranoidninja / PIC-Get-Privileges

  View on GitHub
  Building and Executing Position Independent Shellcode from Object Files in Memory
  ☆169Jan 30, 2021Updated 5 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• rbmm / SDD2

  View on GitHub
  Self delete DLL (2)
  ☆14Feb 15, 2024Updated 2 years ago
• mobdk / Upsilon

  View on GitHub
  Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
  ☆92Aug 26, 2021Updated 4 years ago
• boku7 / x64win-AddRdpAdminShellcode

  View on GitHub
  64bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups Administrators & "Remote Desktop Users"
  ☆39May 3, 2021Updated 4 years ago
• cbwang505 / AppContainerBypass

  View on GitHub
  AppContainerBypass
  ☆21Apr 4, 2021Updated 4 years ago
• trickster0 / CReadMemory

  View on GitHub
  Read Memory without ReadProcessMemory for Current Process
  ☆92Feb 13, 2022Updated 4 years ago
• Mantraufo / Kanoninjector

  View on GitHub
  Runpe + DInvoke + Syscall
  ☆16Jun 18, 2021Updated 4 years ago
• D0Gshuang / ShellcodeLoader_stager

  View on GitHub
  ☆19Aug 10, 2022Updated 3 years ago
• RixedLabs / IDLE-Abuse

  View on GitHub
  A method to execute shellcode using RegisterWaitForInputIdle API.
  ☆55Apr 4, 2023Updated 2 years ago
• Snowming04 / InjectProcess

  View on GitHub
  寻找可注入进程
  ☆13Jul 16, 2020Updated 5 years ago
• DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• mrexodia / IATFaker

  View on GitHub
  Small project to generate fake DLLs based on an executable's import table
  ☆24May 6, 2020Updated 5 years ago
• Peribunt / Ret-Spoofing

  View on GitHub
  A minimalistic way to spoof return addresses without using exceptions
  ☆18Jul 26, 2022Updated 3 years ago
• Kara-4search / DInvoke_shellcodeload_CSharp

  View on GitHub
  ShellCodeLoader via DInvoke
  ☆60Jul 5, 2021Updated 4 years ago
• oXis / DoublePulsarPayload

  View on GitHub
  C++ implementation of DOUBLEPULSAR usermode shellcode. Yet another Reflective DLL loader.
  ☆31Nov 9, 2021Updated 4 years ago
• Gr1mmie / SharpShellCodeObfus

  View on GitHub
  Caeser Cipher your shellcode!
  ☆21Mar 11, 2022Updated 4 years ago
• Snowming04 / inject_shellcode_message_hook

  View on GitHub
  inject shellcode into remote process via message hook
  ☆15Oct 28, 2020Updated 5 years ago
• rsmudge / CVE-2020-0796-BOF

  View on GitHub
  ☆71Sep 17, 2020Updated 5 years ago
• CryptoBreach / UnhookPoC

  View on GitHub
  A small PoC using DInvoke, dynamically mapping a DLL and executing Win32 APIs for process injection.
  ☆10Dec 16, 2021Updated 4 years ago
• connormcgarr / cThreadHijack

  View on GitHub
  Beacon Object File (BOF) for remote process injection via thread hijacking
  ☆221Jan 13, 2021Updated 5 years ago
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• timwhitez / Doge-BlockDLLs

  View on GitHub
  Preventing 3rd Party DLLs from Injecting into your Malware
  ☆25Aug 31, 2021Updated 4 years ago
• decay88 / WinXRunPE-x86_x64

  View on GitHub
  Two C# RunPE's capable of x86 and x64 injections
  ☆11Dec 2, 2018Updated 7 years ago
• hackfye / Misery

  View on GitHub
  Misery Loader to bypass modern EDR solutions
  ☆18Dec 20, 2024Updated last year
• mgeeky / unhook-bof

  View on GitHub
  Remove API hooks from a Beacon process.
  ☆14Sep 18, 2021Updated 4 years ago
• zu1k / beacon_hook_bypass_memscan

  View on GitHub
  works but not work, cao!
  ☆24Sep 4, 2021Updated 4 years ago
• outflanknl / InlineWhispers

  View on GitHub
  Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)
  ☆321Nov 9, 2021Updated 4 years ago
• w1u0u1 / minidump

  View on GitHub
  Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemo…
  ☆127Jan 18, 2022Updated 4 years ago
• boom-cr3 / NotifyRoutineHijackThread

  View on GitHub
  Hijack NotifyRoutine for a kernelmode thread
  ☆41Jun 4, 2022Updated 3 years ago
• audibleblink / xordump

  View on GitHub
  ☆18Aug 15, 2021Updated 4 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• Kara-4search / PEB-PPIDspoofing_Csharp

  View on GitHub
  Command line & PPID spoofing
  ☆29Apr 15, 2023Updated 2 years ago
• alfarom256 / UserVAtoPhysical

  View on GitHub
  Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address
  ☆23Nov 22, 2021Updated 4 years ago
• rxwx / cs-rdll-ipc-example

  View on GitHub
  Example code for using named pipe output with beacon ReflectiveDLLs
  ☆121Jun 24, 2020Updated 5 years ago
• lawiet47 / STFUEDR

  View on GitHub
  Silence EDRs by removing kernel callbacks
  ☆238Dec 7, 2020Updated 5 years ago
• boku7 / HellsGatePPID

  View on GitHub
  Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process
  ☆108Mar 8, 2023Updated 3 years ago
• NtRaiseHardError / NINA

  View on GitHub
  NINA: No Injection, No Allocation x64 Process Injection Technique
  ☆227Jun 9, 2020Updated 5 years ago
• Baron-von-Riedesel / ComView

  View on GitHub
  Win32 tool that allows to play with COM objects ( create objects of classes, call methods, set/get properties ). Can also create assembly…
  ☆18May 19, 2022Updated 3 years ago