POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritting ntdll:LdrInitializeThunk with shellcode.
☆42Sep 23, 2021Updated 4 years ago
Alternatives and similar repositories for PPID-Spoofing
Users that are interested in PPID-Spoofing are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆31Aug 23, 2020Updated 5 years ago
- PoC code from blog☆16Mar 10, 2020Updated 6 years ago
- MappingInjection via csharp☆40Nov 19, 2021Updated 4 years ago
- Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.☆62Sep 6, 2021Updated 4 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memory☆168Jan 30, 2021Updated 5 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Self delete DLL (2)☆13Feb 15, 2024Updated 2 years ago
- Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used☆92Aug 26, 2021Updated 4 years ago
- 64bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups Administrators & "Remote Desktop Users"☆39May 3, 2021Updated 4 years ago
- AppContainerBypass☆21Apr 4, 2021Updated 5 years ago
- Read Memory without ReadProcessMemory for Current Process☆92Feb 13, 2022Updated 4 years ago
- Runpe + DInvoke + Syscall☆16Jun 18, 2021Updated 4 years ago
- ☆19Aug 10, 2022Updated 3 years ago
- A method to execute shellcode using RegisterWaitForInputIdle API.☆55Apr 4, 2023Updated 3 years ago
- 寻找可注入进程☆13Jul 16, 2020Updated 5 years ago
- Deploy open-source AI quickly and easily - Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- Small project to generate fake DLLs based on an executable's import table☆24May 6, 2020Updated 5 years ago
- A minimalistic way to spoof return addresses without using exceptions☆19Jul 26, 2022Updated 3 years ago
- ShellCodeLoader via DInvoke☆60Jul 5, 2021Updated 4 years ago
- C++ implementation of DOUBLEPULSAR usermode shellcode. Yet another Reflective DLL loader.☆31Nov 9, 2021Updated 4 years ago
- Caeser Cipher your shellcode!☆21Mar 11, 2022Updated 4 years ago
- inject shellcode into remote process via message hook☆15Oct 28, 2020Updated 5 years ago
- ☆71Sep 17, 2020Updated 5 years ago
- A small PoC using DInvoke, dynamically mapping a DLL and executing Win32 APIs for process injection.☆10Dec 16, 2021Updated 4 years ago
- Beacon Object File (BOF) for remote process injection via thread hijacking☆220Jan 13, 2021Updated 5 years ago
- Serverless GPU API endpoints on Runpod - Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- Preventing 3rd Party DLLs from Injecting into your Malware☆25Aug 31, 2021Updated 4 years ago
- Two C# RunPE's capable of x86 and x64 injections☆11Dec 2, 2018Updated 7 years ago
- Misery Loader to bypass modern EDR solutions☆18Dec 20, 2024Updated last year
- Remove API hooks from a Beacon process.☆14Sep 18, 2021Updated 4 years ago
- works but not work, cao!☆24Sep 4, 2021Updated 4 years ago
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)☆320Nov 9, 2021Updated 4 years ago
- Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemo…☆127Jan 18, 2022Updated 4 years ago
- Hijack NotifyRoutine for a kernelmode thread☆41Jun 4, 2022Updated 3 years ago
- ☆18Aug 15, 2021Updated 4 years ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- Command line & PPID spoofing☆30Apr 15, 2023Updated 3 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆23Nov 22, 2021Updated 4 years ago
- Example code for using named pipe output with beacon ReflectiveDLLs☆121Jun 24, 2020Updated 5 years ago
- Silence EDRs by removing kernel callbacks☆239Dec 7, 2020Updated 5 years ago
- Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process☆108Mar 8, 2023Updated 3 years ago
- NINA: No Injection, No Allocation x64 Process Injection Technique☆227Jun 9, 2020Updated 5 years ago
- Original hVNC has been recoded to work with all version of windows above XP. Thanks to the original author for this wonderful tool.☆10Oct 13, 2021Updated 4 years ago