aaaddress1 / SignThief
Windows PE Signature Thief in C++
☆50Updated 4 years ago
Related projects ⓘ
Alternatives and complementary repositories for SignThief
- Convert PE files to a shellcode☆73Updated 4 years ago
- Load static-compiled PE from remote server.☆58Updated 2 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆78Updated last year
- Windows API Call Obfuscation☆93Updated last year
- PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)☆160Updated 3 years ago
- shellcode-loaders and beacon-loaders☆63Updated last year
- Kill Protected Process Light Process (include av)☆54Updated last year
- IAT-Obfuscation to make static analysis of executable harder.☆41Updated 3 years ago
- HTTPS GET RAT and Memory Loader☆25Updated 2 years ago
- bring your own vulnerable driver☆81Updated last year
- NO WriteProcessMemory CreateRemoteThread APIs call shellcode injection☆28Updated 4 years ago
- Code used in this post https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html☆99Updated 2 years ago
- ☆44Updated last year
- ☆20Updated last year
- Inject shellcode to process using Windows NTAPI for bypassing EDRs and Antiviruses☆40Updated 3 years ago
- User Mode Windows Rootkit☆54Updated 10 months ago
- Windows Kernel Knowledge && Collect Resources on the wire && Nothing innovation by myself &&☆52Updated this week
- Next gen process injection technique☆42Updated 4 years ago
- PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)☆102Updated 3 years ago
- A x64 PE Packer/Protector Developed in C++ and VisualStudio☆50Updated last year
- A rework of CMLuaUtil AutoElevated☆23Updated 2 years ago
- Botnet system from deep-web Russians forums. Tiny Nuke!☆88Updated 7 years ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆95Updated last year
- Create a new thread that will suspend every thread and encrypt its stack, then going to sleep , then decrypt the stacks and resume thread…☆156Updated last year
- PoC exploit for HP Hardware Diagnostic's EtdSupp driver☆50Updated last year
- ☆22Updated last year
- CVE-2022-3699 with arbitrary kernel code execution capability☆70Updated last year
- Bypass UAC by abusing the Internet Explorer Add-on installer☆50Updated 3 years ago