This project is created for research into antivirus evasion by unhooking.
☆18Sep 2, 2021Updated 4 years ago
Alternatives and similar repositories for UserModeUnhooking
Users that are interested in UserModeUnhooking are comparing it to the libraries listed below
Sorting:
- Using fibers to execute shellcode in a local process via csharp☆28Jan 2, 2022Updated 4 years ago
- Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process☆49Mar 15, 2023Updated 2 years ago
- About C# loader that copies a chunk at the time of the shellcode in memory in a suspended process, rather that all at once☆13Jul 14, 2022Updated 3 years ago
- A small PoC using DInvoke, dynamically mapping a DLL and executing Win32 APIs for process injection.☆10Dec 16, 2021Updated 4 years ago
- ☆18Aug 15, 2021Updated 4 years ago
- bypass UAC even when configured to always notify user☆29Aug 31, 2021Updated 4 years ago
- collection of code snippets,windbg,python scripts and resources☆13Jul 11, 2022Updated 3 years ago
- A Generic WOW64 Process Blocker☆14Jul 16, 2021Updated 4 years ago
- ☆15Feb 9, 2022Updated 4 years ago
- Read Memory without ReadProcessMemory for Current Process☆92Feb 13, 2022Updated 4 years ago
- ☆26Dec 29, 2021Updated 4 years ago
- (Hellsgate|Halosgate|Tartarosgate)+Spoofing-Gate. Ensures that all systemcalls go through ntdll.dll☆45Mar 9, 2022Updated 3 years ago
- LoadLibrary for offensive operations☆33Dec 14, 2021Updated 4 years ago
- Hides processes from the windows task manager using IAT hooking.☆22Mar 30, 2021Updated 4 years ago
- Six cases demonstrating methods of optimizing GetProcAddress☆18Jan 3, 2022Updated 4 years ago
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP☆37Jul 27, 2021Updated 4 years ago
- ☆52Dec 11, 2019Updated 6 years ago
- all credits go to @mgeeky☆65Oct 14, 2021Updated 4 years ago
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- ☆129Jun 28, 2023Updated 2 years ago
- Halos Gate-based NTAPI Unhooker☆52Apr 21, 2022Updated 3 years ago
- A small Aggressor script to help Red Teams identify foreign processes on a host machine☆84Jan 6, 2023Updated 3 years ago
- just manipulatin these here tokens yes sir nothing weird☆22Apr 18, 2022Updated 3 years ago
- Caeser Cipher your shellcode!☆21Mar 11, 2022Updated 3 years ago
- LOLBINs that inject a DLL into a given process ID.☆139Nov 21, 2021Updated 4 years ago
- Injects shellcode into remote processes using direct syscalls☆77Dec 30, 2020Updated 5 years ago
- POC for frustrating/defeating Malware Analysts☆156Jun 12, 2022Updated 3 years ago
- SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections a…☆59May 23, 2022Updated 3 years ago
- MappingInjection via csharp☆40Nov 19, 2021Updated 4 years ago
- Writeup of Payload Techniques in C involving Mutants, Session 1 -> Session 0 migration, and Self-Deletion of payloads.☆129Apr 24, 2022Updated 3 years ago
- Create file system symbolic links from low privileged user accounts within PowerShell☆95Jun 20, 2022Updated 3 years ago
- ☆246Dec 16, 2022Updated 3 years ago
- Small utility package for manipulating Windows process tokens☆26Apr 26, 2022Updated 3 years ago
- A small example of loading BOFs in Python with pure reflection☆19Jan 26, 2023Updated 3 years ago
- works but not work, cao!☆24Sep 4, 2021Updated 4 years ago
- ☆44Oct 16, 2023Updated 2 years ago
- LdrLoadDll Unhooking☆135Jan 16, 2022Updated 4 years ago
- C# code to Sandbox Defender (and most probably other AV/EDRs).☆167Apr 22, 2022Updated 3 years ago
- Hijack Printconfig.dll to execute shellcode☆100Jan 15, 2021Updated 5 years ago