abdullah2993 / go-runpeLinks
execute a PE in the address space of another PE aka process hollowing
☆55Updated 3 years ago
Alternatives and similar repositories for go-runpe
Users that are interested in go-runpe are comparing it to the libraries listed below
Sorting:
- Golang version of https://github.com/hasherezade/libpeconv☆27Updated 5 years ago
- Golang packer that use process hollowing☆18Updated 3 years ago
- Slui File Handler Hijack UAC Bypass Local Privilege Escalation☆92Updated 3 years ago
- Evasive Process Hollowing Techniques☆139Updated 4 years ago
- A local LKM rootkit loader/dropper that lists available security mechanisms☆52Updated 3 years ago
- Windows PE - TLS (Thread Local Storage) Injector in C/C++☆105Updated 4 years ago
- Allow a Go process to dynamically load .NET assemblies☆149Updated 5 years ago
- Reflective DLL loading of your favorite Golang program☆169Updated 5 years ago
- C++ function that will automagically unhook a specified Windows API☆62Updated 4 years ago
- DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userla…☆121Updated 3 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆96Updated 5 years ago
- A PoC package for hosting the CLR and executing .NET from Go☆74Updated 10 months ago
- Reflectively load PE☆103Updated 4 years ago
- Small POC written in C# that performs shellcode injection on x64 processes using direct syscalls as a way to bypass user-land EDR hooks.☆84Updated 5 years ago
- C++ implant that interfaces with a SK8PARK server☆49Updated 3 years ago
- Use NT Native Registry API to create a registry that normal user can not query.☆92Updated 7 years ago
- https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/☆121Updated 5 years ago
- This is a C# implementation of making a process/executable run as NT AUTHORITY/SYSTEM. This is achieved through parent ID spoofing of alm…☆107Updated 2 years ago
- A PE/ELF/MachO Crypter for x86 and x86_64 Based on Radare2☆139Updated 2 years ago
- Overwrite a process's recovery callback and execute with WER☆103Updated 3 years ago
- Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years.☆64Updated 7 years ago
- Injects shellcode into remote processes using direct syscalls☆78Updated 4 years ago
- Process injection techniques written in Go.☆62Updated last year
- Process Injection Techniques with Golang☆77Updated 5 years ago
- Go implementation of the Heaven's Gate technique☆98Updated 4 years ago
- PoC MSVC COFF Object file loader/injector.☆177Updated 4 years ago
- Example code for using named pipe output with beacon ReflectiveDLLs☆119Updated 4 years ago
- A simple PoC to demonstrate that is possible to write Non writable memory and execute Non executable memory on Windows☆52Updated 3 years ago
- Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used☆93Updated 3 years ago
- Shellcode runner in GO that incorporates shellcode encryption, remote process injection, block dlls, and spoofed parent process☆232Updated 4 years ago