Process doppelganging POC using direct system calls, PPID spoofing and dropbox as an external delivery channel for the payload.
☆16Jan 7, 2021Updated 5 years ago
Alternatives and similar repositories for ProcessDoppelganging
Users that are interested in ProcessDoppelganging are comparing it to the libraries listed below
Sorting:
- Modify data structures in the Windows kernel, hiding processes by PID☆16Oct 29, 2017Updated 8 years ago
- TLS Examples in Schannel and IO Completion Ports☆10Jun 21, 2022Updated 3 years ago
- Adds many features and provides options for Microsoft Copilot / Bing AI (ChatGPT v4).☆11Jun 4, 2024Updated last year
- Monitor ETW events for Windows process mitigation policies, with stack traces☆31Oct 7, 2022Updated 3 years ago
- A PE32/PE32+ parser written in MASM32☆13Feb 24, 2016Updated 10 years ago
- 无模块注入工程 VS2008☆11Jul 23, 2018Updated 7 years ago
- WoW64 -> x64☆18Oct 1, 2016Updated 9 years ago
- Playing with packets in C#☆15Aug 16, 2024Updated last year
- Create a C++ PE which loads an XTEA-crypted .NET PE shellcode in memory.☆17Sep 29, 2018Updated 7 years ago
- Windows PE Signature Thief in C++☆51Aug 21, 2020Updated 5 years ago
- Pattern Scanning Library supporting compile time patterns, both x86_64 and arm64☆19Aug 3, 2025Updated 7 months ago
- ☆20Feb 6, 2024Updated 2 years ago
- 记录一下Windows下的Hook技巧☆15Jul 15, 2024Updated last year
- ☆15Dec 16, 2020Updated 5 years ago
- Loads shellcode from a resource file.☆22Aug 15, 2019Updated 6 years ago
- Access windows machine remotely on HTTP☆12Oct 28, 2020Updated 5 years ago
- Reflective DLL that hooks the creation of the UAC prompt popped by explorer.exe for privilege escalation.☆22Feb 20, 2021Updated 5 years ago
- Simple remote administration tool. Written in c++ and MASM.☆18May 16, 2018Updated 7 years ago
- Encrypted Shellcode Loader Generator☆22Jan 29, 2019Updated 7 years ago
- A Lazy Programmer's Tips for Avoiding the SOC ~ BSides Belfast 2024☆16Sep 12, 2024Updated last year
- Cobalt Strike notifications via NTFY.☆15Sep 24, 2024Updated last year
- Windows PE - TLS (Thread Local Storage) Injector in C/C++☆109Jan 3, 2021Updated 5 years ago
- Remote memory library in C++17.☆34May 31, 2018Updated 7 years ago
- A rust proof of concept to demonstrate registry overwriting via RegRestoreKey using the Offline Registry Library☆24Nov 13, 2025Updated 4 months ago
- Set the process mitigation policy for loading only Microsoft Modules , and block any userland 3rd party modules☆43May 6, 2023Updated 2 years ago
- Modern C++ wrapper for Windows PE signature verification mechanism☆30Aug 9, 2019Updated 6 years ago
- C++ implementation of DOUBLEPULSAR usermode shellcode. Yet another Reflective DLL loader.☆31Nov 9, 2021Updated 4 years ago
- A bunch of shenanigans using functions, VEH and more☆38Jun 8, 2025Updated 9 months ago
- A few examples of how to trap virtual memory access on Windows.☆42Dec 18, 2024Updated last year
- The Network project is a C++ encapsulation of WinSock2 to form a lightweight network library; The Graphics project is a C++ encapsulation…☆13Oct 31, 2017Updated 8 years ago
- This is another tool helping to generate c file for dll hijack, besides AheadLib and AddExport. 这是 AheadLib 和 AddExport 之外的,另一种生成 DLL 劫持…☆27Mar 17, 2019Updated 7 years ago
- Bypass AMSI and Executing PowerShell scripts from C# - using CyberArk's method to bypass AMSI☆31Feb 22, 2020Updated 6 years ago
- A tool that reads a PE file from a byte array buffer and injects it into memory.☆29Aug 5, 2019Updated 6 years ago
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…☆272Oct 31, 2024Updated last year
- Binary dumps of World of Warcraft Classic...for educational purposes of course☆31Sep 23, 2021Updated 4 years ago
- Simple programmatic Windows processes monitor.☆26Mar 8, 2015Updated 11 years ago
- RunPE using Hell's Gate technique.☆32Dec 4, 2020Updated 5 years ago
- force delete runing .exe application file.or delete any locked file☆74Mar 21, 2023Updated 3 years ago
- ☆79Aug 6, 2017Updated 8 years ago