SolomonSklash / UnhookingPOC
A small commented POC for removing API hooks placed by AV/EDR.
☆33, updated 4 years ago
Alternatives and similar repositories for UnhookingPOC:
Users that are interested in UnhookingPOC are comparing it to the libraries listed below
- A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯ (☆39, updated 4 years ago)
- Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used (☆92, updated 3 years ago)
- Recreating and reviewing the Windows persistence methods (☆39, updated 3 years ago)
- A simple COM server which provides a component to run shellcode (☆132, updated 4 years ago)
- Extended Process List (Search functionality) (☆29, updated 3 years ago)
- Loads .NET Assembly Via CLR Loader (☆15, updated 5 years ago)
- A C port of b33f's UrbanBishop (☆38, updated 4 years ago)
- A tool to create COM class/interface relationships in neo4j (☆47, updated 2 years ago)
- C++ implant that interfaces with a SK8PARK server (☆47, updated 3 years ago)
- Demos of Donut used in conferences, etc. Mostly for my use, but free for others to use as a reference. (☆31, updated 5 years ago)
- An example of COM hijacking using a proxy DLL. (☆25, updated 3 years ago)
- Resolve syscall numbers at runtime for all Windows versions. (☆60, updated last month)
- aggressor and pycobalt scripts. (☆18, updated 4 years ago)
- A simplified version of DotNetToJScript to create a JScript file which loads a .NET v2 assembly from memory. (☆47, updated 3 years ago)
- all credits go to @mgeeky (☆59, updated 3 years ago)
- Covenant is a collaborative .NET C2 framework for red teamers. (☆22, updated 4 years ago)
- A BOF to interact with COM objects associated with the Windows software firewall. (☆101, updated 3 years ago)