ZeroMemoryEx / Hooks_Hunter
Detect API Hooks
☆67Updated 2 years ago
Related projects: ⓘ
- user-mode Rootkit☆98Updated last year
- x86 Trampoline Hook☆36Updated 2 years ago
- Thread Execution Hijacking technique☆34Updated 2 years ago
- Bypass Malware Time Delays☆96Updated last year
- Shellcodev is a tool designed to help and automate the process of shellcode creation.☆100Updated 11 months ago
- ☆24Updated this week
- Detours implementation (x64/x86) which used only ntdll import☆85Updated 3 months ago
- Small PoC of using a Microsoft signed executable as a lolbin.☆131Updated last year
- kernel to user mode APC injector☆43Updated 2 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆79Updated last year
- Dll injection through code page id modification in registry. Based on jonas lykk research☆116Updated last year
- Windows handle hijacker☆198Updated last year
- An initial proof of concept of a bootkit based on Cr4sh's DMABackdoorBoot☆56Updated last year
- Scan for potentially vulnerable drivers☆79Updated 2 years ago
- 2022 Updated Kernelmode-Code☆29Updated 5 months ago
- Listing UDP connections with remote address without sniffing.☆30Updated 11 months ago
- Set the process mitigation policy for loading only Microsoft Modules , and block any userland 3rd party modules☆41Updated last year
- Collection of source code for Polymorphic, Metamorphic, and Permutation Engines used in Malware☆23Updated 4 years ago
- A Bumblebee-inspired Crypter☆79Updated last year
- POC of a better implementation of GetProcAddress for ntdll using binary search☆93Updated 5 months ago
- Code used in this post https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html☆97Updated 2 years ago
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆98Updated 2 years ago
- PoC Anti-Rootkit to uncover Windows Drivers/Rootkits mapped to Kernel Memory.☆138Updated this week
- spoof return address☆68Updated last year
- Kernel Mode Driver for Elevating Process Privileges☆129Updated last year
- Malware AV evasion via disable Windows Defender (Registry). C++☆32Updated 2 years ago
- Next gen process injection technique☆41Updated 4 years ago
- GetModuleHandle (via PEB) and GetProcAddress (via EAT) like☆31Updated 2 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆91Updated last year
- Block any Process to open HANDLE to your process , only SYTEM is allowed to open handle to your process ,with that you can avoid remote m…☆162Updated last year