Overwrite a process's recovery callback and execute with WER
☆102Apr 17, 2022Updated 3 years ago
Alternatives and similar repositories for ARCInject
Users that are interested in ARCInject are comparing it to the libraries listed below
Sorting:
- Rewrote HellsGate in C# for fun and learning☆86Feb 10, 2022Updated 4 years ago
- Perun's Fart (Slavic God's Luck). Another method for unhooking AV and EDR, this is my C# version.☆117Dec 26, 2021Updated 4 years ago
- C# version of MDSec's ParallelSyscalls☆141Jan 9, 2022Updated 4 years ago
- You shall pass☆270Jul 16, 2022Updated 3 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆374May 24, 2022Updated 3 years ago
- RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …☆501Jan 25, 2022Updated 4 years ago
- Process Ghosting in C#☆219Jan 24, 2022Updated 4 years ago
- Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique☆337Jan 16, 2022Updated 4 years ago
- ☆208Apr 5, 2022Updated 3 years ago
- Hookers are cooler than patches.☆170Jan 21, 2022Updated 4 years ago
- It stinks☆105Apr 22, 2022Updated 3 years ago
- KaynLdr is a Reflective Loader written in C/ASM☆554Dec 3, 2023Updated 2 years ago
- ☆81Feb 12, 2022Updated 4 years ago
- Nim version of MDSec's Parallel Syscall PoC☆123Jan 14, 2022Updated 4 years ago
- An implementation and proof-of-concept of Process Forking.☆230Nov 29, 2021Updated 4 years ago
- Running .NET from VBA☆148Feb 11, 2023Updated 3 years ago
- some gadgets about windows process and ready to use :)☆611Oct 7, 2023Updated 2 years ago
- CreateRemoteThreadPlus: how to pass multiple parameters to the remote thread function without shellcode.☆138Jul 10, 2025Updated 7 months ago
- C# Utilities for Windows Notification Facility☆159Apr 14, 2025Updated 10 months ago
- Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.☆18Jan 21, 2022Updated 4 years ago
- One gate to all syscalls!☆23Mar 12, 2022Updated 3 years ago
- FrostByte is a POC project that combines different defense evasion techniques to build better redteam payloads☆385Apr 16, 2022Updated 3 years ago
- How to spoof the command line when spawning a new process from C#.☆110Dec 28, 2021Updated 4 years ago
- ☆94May 14, 2022Updated 3 years ago
- ☆61Feb 10, 2022Updated 4 years ago
- this repo is to cover the other undocumented or published / in different langaue to achieve shellcode injection via windows callback func…☆88Jun 24, 2022Updated 3 years ago
- Detect strange memory regions and DLLs☆185Jan 20, 2022Updated 4 years ago
- Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code.☆101Mar 27, 2022Updated 3 years ago
- C# code to Sandbox Defender (and most probably other AV/EDRs).☆167Apr 22, 2022Updated 3 years ago
- Read Memory without ReadProcessMemory for Current Process☆92Feb 13, 2022Updated 4 years ago
- A PoC project for embedding shellcode to Hint/Name Table☆113May 16, 2022Updated 3 years ago
- Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…☆54Apr 10, 2022Updated 3 years ago
- Beacon Object File PoC implementation of KillDefender☆236Apr 12, 2022Updated 3 years ago
- NativePayload_CallBackTechniques C# Codes (Code Execution via Callback Functions Technique, without CreateThread Native API)☆118Jun 7, 2023Updated 2 years ago
- WIP shellcode loader in nim with EDR evasion techniques☆220Mar 30, 2022Updated 3 years ago
- UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red …☆349Jul 3, 2022Updated 3 years ago
- Get fresh Syscalls from a fresh ntdll.dll copy☆235Jan 28, 2022Updated 4 years ago
- Leaked Windows processes handles identification tool☆291Mar 14, 2022Updated 3 years ago
- A tool for converting SysWhispers3 syscalls for use with Nim projects☆147Jun 2, 2022Updated 3 years ago