A small commented POC for removing API hooks placed by AV/EDR.
☆34 · Jun 12, 2020 · Updated 5 years ago
Alternatives and similar repositories for UnhookingPOC
Users that are interested in UnhookingPOC are comparing it to the libraries listed below
- Disable PPL via custom driver and dump lsass · ☆15 · Mar 13, 2021 · Updated 4 years ago
- A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯ · ☆38 · Dec 13, 2020 · Updated 5 years ago
- Lightweight library which allows the ability to map both native and managed assemblies into memory by either using process injection of a… · ☆32 · May 1, 2020 · Updated 5 years ago
- A tool to create COM class/interface relationships in neo4j · ☆50 · Oct 12, 2022 · Updated 3 years ago
- Library for using direct system calls · ☆35 · Jan 30, 2025 · Updated last year
- Change up a binary's embedded resources with this little creature. · ☆36 · Mar 24, 2020 · Updated 5 years ago
- A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading · ☆84 · Nov 21, 2022 · Updated 3 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows. · ☆140 · Sep 12, 2022 · Updated 3 years ago
- Python script to obfuscate VBA (Visual Basic for Applications) macros · ☆61 · Jan 11, 2020 · Updated 6 years ago
- Minimal Intervention and Software Transformation - PoC Packer designed for AV detection bypass · ☆18 · Nov 4, 2017 · Updated 8 years ago
- Universal Unhooking · ☆326 · Sep 19, 2018 · Updated 7 years ago
- Windows Application Loader Running *.Exe files in Memory against Scrylla · ☆21 · Dec 20, 2019 · Updated 6 years ago
- GhostLoader - AppDomainManager - Injection - Ghost in the Shell · ☆53 · May 21, 2020 · Updated 5 years ago
- ☆41 · Jul 4, 2018 · Updated 7 years ago
- Process Hollowing for 32 bit and 64 bit · ☆79 · Nov 10, 2017 · Updated 8 years ago
- DInvisibleRegistry · ☆82 · Nov 20, 2020 · Updated 5 years ago
- Dll injector POC for new handle stealing technique · ☆21 · Oct 8, 2017 · Updated 8 years ago
- Research project for understanding how Mimikatz works and becoming better at C · ☆124 · Oct 22, 2021 · Updated 4 years ago
- ☆24 · Feb 1, 2025 · Updated last year
- ☆44 · Oct 16, 2023 · Updated 2 years ago
- Reflective DLL Injection style process infector · ☆20 · Jul 23, 2018 · Updated 7 years ago
- Strstr with user-supplied needle and filename as a BOF. · ☆32 · Sep 27, 2021 · Updated 4 years ago
- C++ function that will automagically unhook a specified Windows API · ☆62 · Oct 14, 2020 · Updated 5 years ago
- ☆78 · Aug 1, 2023 · Updated 2 years ago
- Hardened Proof of Concept of D/Invoke Process Injection malware · ☆42 · Jul 23, 2020 · Updated 5 years ago
- C# .NET Assembly for interacting with File Object DACLs · ☆45 · Apr 3, 2020 · Updated 5 years ago
- OpenHashAPI provides a secure method of communicating hashes and enables lightweight workflows for security practitioners and enthusiasts… · ☆13 · Oct 27, 2024 · Updated last year
- No one writes dumb malware anymore. This is a repo for dumb malware. · ☆10 · Apr 18, 2017 · Updated 8 years ago
- ☆67 · Dec 19, 2018 · Updated 7 years ago
- ☆31 · Jul 26, 2024 · Updated last year
- C# Implementation of Jared Atkinson's Get-InjectedThread.ps1 · ☆54 · Jul 11, 2021 · Updated 4 years ago
- Python script to patch the reflective stub in a DLL · ☆24 · Apr 9, 2017 · Updated 8 years ago
- ☆21 · Jan 8, 2026 · Updated last month
- ☆11 · Feb 19, 2023 · Updated 3 years ago
- A collection of useful aggressor scripts. All credits due to its authors. · ☆12 · Jul 5, 2019 · Updated 6 years ago
- Etwti-UnhookPOC just for test · ☆12 · Aug 23, 2022 · Updated 3 years ago
- Loads a program into a memfd and runs it. · ☆11 · May 22, 2022 · Updated 3 years ago
- Dynamic native library loader for .NET · ☆11 · Jan 29, 2025 · Updated last year
- Repository to gather the BOF files I will be developing · ☆11 · Oct 1, 2024 · Updated last year