SolomonSklash / UnhookingPOC
A small commented POC for removing API hooks placed by AV/EDR.
☆34Updated 4 years ago
Alternatives and similar repositories for UnhookingPOC:
Users that are interested in UnhookingPOC are comparing it to the libraries listed below
- A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯☆40Updated 4 years ago
- Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used☆93Updated 3 years ago
- A simple COM server which provides a component to run shellcode☆133Updated 4 years ago
- Loads .NET Assembly Via CLR Loader☆16Updated 6 years ago
- Bypass UAC elevation on Windows 8 (build 9600) & above.☆54Updated 2 years ago
- ☆61Updated 3 years ago
- CSharp Writeups for HackSys Extreme Vulnerable Driver☆43Updated 3 years ago
- ☆39Updated 3 years ago
- ☆14Updated 3 years ago
- A C port of b33f's UrbanBishop☆38Updated 4 years ago
- Extended Process List (Search functionality)☆29Updated 4 years ago
- C++ implant that interfaces with a SK8PARK server☆49Updated 3 years ago
- ☆36Updated 3 years ago
- Resolve syscall numbers at runtime for all Windows versions.☆61Updated 4 months ago
- My experience using Windows API for offensive purposes☆17Updated 3 years ago
- ☆21Updated 3 years ago
- ☆50Updated 4 years ago
- all credits go to @mgeeky☆64Updated 3 years ago
- ☆31Updated 4 years ago
- GhostLoader - AppDomainManager - Injection - 攻壳机动队☆52Updated 4 years ago
- ☆15Updated 4 years ago
- ☆18Updated 3 years ago
- Covenant is a collaborative .NET C2 framework for red teamers.☆22Updated 4 years ago
- C++ function that will automagically unhook a specified Windows API☆62Updated 4 years ago
- C code to enable ETW tracing for Dotnet Assemblies☆31Updated 2 years ago
- ☆82Updated 3 years ago
- Disable PPL via custom driver and dump lsass☆15Updated 4 years ago
- Initial Commit of Coresploit☆56Updated 3 years ago
- ☆24Updated 3 years ago
- A simple Linux in-memory .so loader☆29Updated 2 years ago