This project is created for research into antivirus evasion by unhooking.
☆18Sep 2, 2021Updated 4 years ago
Alternatives and similar repositories for UserModeUnhooking
Users that are interested in UserModeUnhooking are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process☆49Mar 15, 2023Updated 3 years ago
- Using fibers to execute shellcode in a local process via csharp☆28Jan 2, 2022Updated 4 years ago
- bypass UAC even when configured to always notify user☆29Aug 31, 2021Updated 4 years ago
- ☆15Feb 9, 2022Updated 4 years ago
- ☆26Dec 29, 2021Updated 4 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- collection of code snippets,windbg,python scripts and resources☆13Jul 11, 2022Updated 3 years ago
- LoadLibrary for offensive operations☆33Dec 14, 2021Updated 4 years ago
- ☆18Aug 15, 2021Updated 4 years ago
- About C# loader that copies a chunk at the time of the shellcode in memory in a suspended process, rather that all at once☆13Jul 14, 2022Updated 3 years ago
- A Generic WOW64 Process Blocker☆14Jul 16, 2021Updated 4 years ago
- (Hellsgate|Halosgate|Tartarosgate)+Spoofing-Gate. Ensures that all systemcalls go through ntdll.dll☆45Mar 9, 2022Updated 4 years ago
- A small PoC using DInvoke, dynamically mapping a DLL and executing Win32 APIs for process injection.☆10Dec 16, 2021Updated 4 years ago
- Read Memory without ReadProcessMemory for Current Process☆92Feb 13, 2022Updated 4 years ago
- ☆128Jun 28, 2023Updated 2 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- all credits go to @mgeeky☆65Oct 14, 2021Updated 4 years ago
- ☆52Dec 11, 2019Updated 6 years ago
- A small Aggressor script to help Red Teams identify foreign processes on a host machine☆86Jan 6, 2023Updated 3 years ago
- Injects shellcode into remote processes using direct syscalls☆76Dec 30, 2020Updated 5 years ago
- wtftp.py is a tool to attack Microsoft Deployment Toolkit (MDT) and Windows Deployment Services (WDS).☆33Jan 22, 2026Updated 3 months ago
- LOLBINs that inject a DLL into a given process ID.☆139Nov 21, 2021Updated 4 years ago
- OwOwning with the Windows API Examples and Code. DEFCON Furs 2020 presentation.☆13Jan 18, 2024Updated 2 years ago
- ☆44Oct 16, 2023Updated 2 years ago
- ☆131Jun 28, 2023Updated 2 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- ☆75Feb 4, 2024Updated 2 years ago
- Caeser Cipher your shellcode!☆21Mar 11, 2022Updated 4 years ago
- ☆13Jun 3, 2020Updated 5 years ago
- ☆246Dec 16, 2022Updated 3 years ago
- SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections a…☆59May 23, 2022Updated 3 years ago
- Six cases demonstrating methods of optimizing GetProcAddress☆19Jan 3, 2022Updated 4 years ago
- Research into COM☆19Jan 25, 2020Updated 6 years ago
- C# code to Sandbox Defender (and most probably other AV/EDRs).☆167Apr 22, 2022Updated 4 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Beacon Object File implementation of Yaxser's Backstab☆15Mar 9, 2022Updated 4 years ago
- Create file system symbolic links from low privileged user accounts within PowerShell☆95Jun 20, 2022Updated 3 years ago
- Beacon Object File implementation of Event Viewer deserialization UAC bypass☆133May 6, 2022Updated 3 years ago
- POC for frustrating/defeating Malware Analysts☆156Jun 12, 2022Updated 3 years ago
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP☆38Jul 27, 2021Updated 4 years ago
- Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.☆115Jun 7, 2021Updated 4 years ago
- Use CMSTP.exe to bypass UAC.☆52Jun 24, 2022Updated 3 years ago