aaaddress1 / wowInjector
PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)
☆158Updated 3 years ago
Related projects: ⓘ
- PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)☆100Updated 3 years ago
- Convert PE files to a shellcode☆73Updated 4 years ago
- Windows API Call Obfuscation☆86Updated last year
- PoC capable of detecting manual syscalls from usermode.☆176Updated 3 years ago
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆212Updated last year
- Load static-compiled PE from remote server.☆56Updated 2 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆79Updated last year
- Kill Protected Process Light Process (include av)☆55Updated last year
- ☆161Updated 2 years ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆68Updated 5 years ago
- Windows PE - TLS (Thread Local Storage) Injector in C/C++☆102Updated 3 years ago
- NO WriteProcessMemory CreateRemoteThread APIs call shellcode injection☆27Updated 4 years ago
- Windows PE Signature Thief in C++☆47Updated 4 years ago
- Bypass UAC by abusing the Internet Explorer Add-on installer☆50Updated 3 years ago
- Inject shellcode to process using Windows NTAPI for bypassing EDRs and Antiviruses☆40Updated 3 years ago
- shellcode-loaders and beacon-loaders☆63Updated 10 months ago
- Shellcode to load an appended Dll☆89Updated 3 years ago
- ☆179Updated 2 years ago
- ☆40Updated last year
- Silence EDRs by removing kernel callbacks☆220Updated 3 years ago
- Minimal PoC developed as discuss in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html☆123Updated 2 years ago
- ☆87Updated this week
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆98Updated 2 years ago
- NINA: No Injection, No Allocation x64 Process Injection Technique☆193Updated 4 years ago
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆98Updated last year
- An implementation of an indirect system call☆99Updated last year
- Kernel file/process/object tool☆64Updated 3 years ago
- bring your own vulnerable driver☆66Updated last year
- Shellcode implementation of Reflective DLL Injection by Golang. Convert DLLs to position independent shellcode☆57Updated 3 years ago
- A PoC designed to bypass all usermode hooks in a WoW64 environment.☆147Updated 4 years ago