aaaddress1 / wowGrailView external linksLinks
PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)
☆109May 27, 2021Updated 4 years ago
Alternatives and similar repositories for wowGrail
Users that are interested in wowGrail are comparing it to the libraries listed below
Sorting:
- PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)☆167May 27, 2021Updated 4 years ago
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP☆37Jul 27, 2021Updated 4 years ago
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆218Feb 20, 2023Updated 2 years ago
- ☆206Apr 5, 2022Updated 3 years ago
- Silence EDRs by removing kernel callbacks☆239Dec 7, 2020Updated 5 years ago
- A simple COM server which provides a component to run shellcode☆149May 12, 2020Updated 5 years ago
- Headers for linking your software with ntdll.dll☆15Nov 4, 2020Updated 5 years ago
- PoC to demonstrate how CLR ETW events can be tampered.☆192Mar 26, 2020Updated 5 years ago
- Security product hook detection☆323Mar 30, 2021Updated 4 years ago
- PoC MSVC COFF Object file loader/injector.☆186Mar 19, 2021Updated 4 years ago
- Minimal PoC developed as discuss in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html☆143May 10, 2022Updated 3 years ago
- some gadgets about windows process and ready to use :)☆610Oct 7, 2023Updated 2 years ago
- Experiment on reproducing Obfuscate & Sleep☆160Mar 14, 2021Updated 4 years ago
- ☆62Feb 10, 2022Updated 4 years ago
- A simple program to hook the current process to identify the manual syscall executions on windows☆265Nov 18, 2022Updated 3 years ago
- ☆82Feb 12, 2022Updated 4 years ago
- It stinks☆105Apr 22, 2022Updated 3 years ago
- Hijack Printconfig.dll to execute shellcode☆100Jan 15, 2021Updated 5 years ago
- A PoC designed to bypass all usermode hooks in a WoW64 environment.☆150Sep 16, 2020Updated 5 years ago
- Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that b…☆219Jul 14, 2021Updated 4 years ago
- An experimental dynamic malware unpacker based on Intel Pin and PE-sieve☆63Aug 21, 2024Updated last year
- Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll☆498Feb 3, 2022Updated 4 years ago
- ☆113Oct 10, 2022Updated 3 years ago
- You shall pass☆271Jul 16, 2022Updated 3 years ago
- LoadLibrary for offensive operations☆1,174Oct 22, 2021Updated 4 years ago
- WTSRM☆216Aug 7, 2022Updated 3 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆373May 24, 2022Updated 3 years ago
- �☆274Jan 14, 2023Updated 3 years ago
- ☆26Dec 29, 2021Updated 4 years ago
- Evasive Process Hollowing Techniques☆142Aug 16, 2020Updated 5 years ago
- ☆147Oct 29, 2024Updated last year
- Abusing exceptions for code execution.☆113Jan 30, 2023Updated 3 years ago
- Executes 64bit code from a 32bit process☆241Jul 23, 2017Updated 8 years ago
- ☆169Jan 7, 2022Updated 4 years ago
- DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userla…☆123Mar 25, 2022Updated 3 years ago
- Example code for using named pipe output with beacon ReflectiveDLLs☆121Jun 24, 2020Updated 5 years ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers☆587Jan 24, 2023Updated 3 years ago
- Enumerate and disable common sources of telemetry used by AV/EDR.☆819Mar 11, 2021Updated 4 years ago
- ☆101Mar 31, 2022Updated 3 years ago