abdullah2993 / go-runpe
execute a PE in the address space of another PE aka process hollowing
☆55Updated 3 years ago
Alternatives and similar repositories for go-runpe:
Users that are interested in go-runpe are comparing it to the libraries listed below
- Golang version of https://github.com/hasherezade/libpeconv☆27Updated 5 years ago
- Golang packer that use process hollowing☆17Updated 2 years ago
- Process Injection Techniques with Golang☆77Updated 4 years ago
- Evasive Process Hollowing Techniques☆139Updated 4 years ago
- Allow a Go process to dynamically load .NET assemblies☆148Updated 5 years ago
- Slui File Handler Hijack UAC Bypass Local Privilege Escalation☆92Updated 2 years ago
- A local LKM rootkit loader/dropper that lists available security mechanisms☆52Updated 3 years ago
- Reflectively load PE☆103Updated 4 years ago
- Reflective DLL loading of your favorite Golang program☆168Updated 5 years ago
- Process injection techniques written in Go.☆62Updated last year
- Go implementation of the Heaven's Gate technique☆98Updated 4 years ago
- PE Crypter written in Nim☆98Updated 4 years ago
- A PoC package for hosting the CLR and executing .NET from Go☆72Updated 9 months ago
- Shellcode library as a Go package☆70Updated 5 years ago
- C++ implant that interfaces with a SK8PARK server☆49Updated 3 years ago
- C++ function that will automagically unhook a specified Windows API☆62Updated 4 years ago
- Windows PE - TLS (Thread Local Storage) Injector in C/C++☆105Updated 4 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆134Updated 2 years ago
- A PE/ELF/MachO Crypter for x86 and x86_64 Based on Radare2☆138Updated 2 years ago
- Automated compiler obfuscation for nim☆140Updated 2 years ago
- Example code for using named pipe output with beacon ReflectiveDLLs☆116Updated 4 years ago
- Injects shellcode into remote processes using direct syscalls☆77Updated 4 years ago
- Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years.☆64Updated 7 years ago
- Overwrite a process's recovery callback and execute with WER☆103Updated 3 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memory☆156Updated 4 years ago
- Inject shellcode to process using Windows NTAPI for bypassing EDRs and Antiviruses☆41Updated 4 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆96Updated 5 years ago
- Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used☆93Updated 3 years ago
- DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userla…☆121Updated 3 years ago
- A cross-platform C2/teamserver supporting multiple transport protocols, written in Go.☆45Updated 2 years ago