ScorchSecurity / Toast
User-mode hook bypassing method
☆32Updated 8 years ago
Related projects: ⓘ
- Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.☆21Updated 7 years ago
- ☆16Updated 4 years ago
- drvtriks kernel driver for Windows 7 SP1 and 8.1 x64, that tricks around in your system.☆31Updated 6 years ago
- ☆24Updated this week
- ☆33Updated 6 years ago
- Kernel-mode file scanner☆17Updated 6 years ago
- ☆12Updated this week
- Bypass for the hardening against usage of tagWnd as a kernel read/write primitive☆25Updated 7 years ago
- Adding exceptions to Microsoft's Control Flow Guard (CFG)☆58Updated 8 years ago
- Code injection via delay load libraries☆34Updated 6 years ago
- Kernel mode windows NT API logger☆21Updated 5 years ago
- ☆31Updated this week
- A POC for Windows Extension Host hooking☆22Updated 5 years ago
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.☆19Updated 6 years ago
- User-mode part of Zerokit platform☆20Updated 5 years ago
- Code Injector Using Code Caves☆14Updated 9 years ago
- Helper utility for debugging windows PE/PE+ loader.☆49Updated 9 years ago
- Green shellcode challenge tools☆22Updated 5 years ago
- User-mode process cross-checking utility intended to detect naive malware hiding itself by hooking IAT/EAT.☆18Updated 8 years ago
- Class implementation of PowerLoader injection technique☆29Updated 7 years ago
- Brand New Code Injection for Windows https://breakingmalware.com/injection-techniques/atombombing-brand-new-code-injection-for-windows☆19Updated 7 years ago
- Simple PE packer with RtlCompressBuffer☆21Updated 8 years ago
- Common Malware Techniques☆13Updated last year
- ☆19Updated 5 years ago
- Self-Loading Registration Free COM Functions☆11Updated 4 years ago
- Yet another windows syscall library☆16Updated 4 years ago
- Reflective DLL Injection style process infector☆19Updated 6 years ago