Alternatives and similar repositories for iat_unhook_sample:

Users that are interested in iat_unhook_sample are comparing it to the libraries listed below

• NetSPI / BOF-PE
  An example reference design for a proposed BOF PE
  ☆160Updated last week
• mansk1es / GhostFart
  ☆135Updated last year
• NVISOsecurity / Interceptor
  Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space
  ☆123Updated 2 years ago
• safedv / RustVEHSyscalls
  A Rust port of LayeredSyscall — performs indirect syscalls while generating legitimate API call stack frames by abusing VEH.
  ☆142Updated 5 months ago
• lap1nou / CLR_Heap_encryption
  ☆98Updated last year
• klezVirus / RpcProxyInvoke
  Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar
  ☆130Updated 8 months ago
• RedTeamOperations / VEH-PoC
  ☆115Updated 2 years ago
• 0prrr / Malwear-Sweet
  Malware?
  ☆69Updated 6 months ago
• Crypt0s / Ekko_CFG_Bypass
  A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process
  ☆99Updated 2 years ago
• scrt / KexecDDPlus
  Exploiting the KsecDD Windows driver through Server Silos
  ☆66Updated 5 months ago
• Hagrid29 / BYOVDKit
  bring your own vulnerable driver
  ☆95Updated last year
• Kudaes / Dumpy
  Reuse open handles to dynamically dump LSASS.
  ☆243Updated last year
• xalicex / Killers
  Exploitation of process killer drivers
  ☆199Updated last year
• Hagrid29 / RemotePatcher
  Patch AMSI and ETW in remote process via direct syscall
  ☆81Updated 2 years ago
• xalicex / LOLDrivers_finder
  ☆82Updated last year
• mdsecactivebreach / ParallelSyscalls
  ☆164Updated 3 years ago
• capt-meelo / KernelCallbackTable-Injection
  Code used in this post https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html
  ☆122Updated 3 years ago
• paranoidninja / Proxy-DLL-Loads
  The code is a pingback to the Dark Vortex blog:
  ☆173Updated 2 years ago
• 0xDeku / NiceKatz
  A nice process dumping tool
  ☆81Updated 2 years ago
• joaoviictorti / uwd
  Call Stack Spoofing for Rust with support #[no_std]
  ☆83Updated this week
• janoglezcampos / c_syscalls
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆134Updated 2 years ago
• SECFORCE / DLL-Hollow-PoC
  DLL Hollowing PoC - Remote and Self shellcode injection
  ☆79Updated 3 years ago
• YOLOP0wn / EchoDrv
  Exploitation of echo_driver.sys
  ☆169Updated last year
• uf0o / windows-ps-callbacks-experiments
  Files for http://blog.deniable.org/posts/windows-callbacks/
  ☆73Updated 3 years ago
• reveng007 / AMSI-patches-learned-till-now
  I have documented all of the AMSI patches that I learned till now
  ☆71Updated 3 weeks ago
• v1k1ngfr / EDRSnowblast_old
  This project is an EDRSandblast fork, adding some features and custom pieces of code.
  ☆12Updated last year
• CICADA8-Research / TypeLibWalker
  TypeLib persistence technique
  ☆114Updated 6 months ago
• passthehashbrowns / BOFMask
  ☆120Updated last year
• NtDallas / OdinLdr
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆114Updated 2 months ago
• outflanknl / macho-loader
  ☆81Updated 7 months ago