adamhlt / Process-Hollowing
Process Hollowing in C++ (x86 / x64) - Process PE image replacement
☆118Updated last year
Related projects: ⓘ
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆150Updated last year
- Various Process Injection Techniques☆141Updated 2 years ago
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!☆214Updated 2 months ago
- ☆212Updated last week
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆415Updated 2 years ago
- manual map unsigned driver over signed memory☆152Updated 5 months ago
- Bypassing PatchGuard on modern x64 systems☆238Updated last year
- Create a new thread that will suspend every thread and encrypt its stack, then going to sleep , then decrypt the stacks and resume thread…☆152Updated last year
- Lenovo Diagnostics Driver EoP - Arbitrary R/W☆168Updated last year
- Process Injection using Thread Name☆228Updated 3 weeks ago
- An easily modifiable shellcode template for Windows x64 written in C☆191Updated last year
- PoC capable of detecting manual syscalls from usermode.☆176Updated 3 years ago
- KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys☆117Updated 3 months ago
- Inline syscalls made for MSVC supporting x64 and WOW64☆172Updated last year
- Controlling Windows PP(L)s☆256Updated last year
- Windows handle hijacker☆198Updated last year
- State of the art DLL injector that took 20 minutes to make☆195Updated last year
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re…☆431Updated last year
- Load your driver like win32k.sys☆242Updated 2 years ago
- Block any Process to open HANDLE to your process , only SYTEM is allowed to open handle to your process ,with that you can avoid remote m…☆162Updated last year
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …☆227Updated last year
- Kernel Security driver used to block past, current and future process injection techniques on Windows Operating System.☆147Updated 2 years ago
- Custom GetProcAddress, GetModuleHandleA and some dbghelp.dll functions☆81Updated 5 years ago
- Simple Kernelmode DLL Injector with Manual mapping☆225Updated 9 months ago
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls☆154Updated 8 months ago
- Detects virtual machines and malware analysis environments☆109Updated last year
- Admin to Kernel code execution using the KSecDD driver☆232Updated 5 months ago
- Implementation of Advanced Module Stomping and Heap/Stack Encryption☆206Updated last year
- Security product hook detection☆305Updated 3 years ago
- Windows x64 kernel mode rootkit process hollowing POC.☆180Updated last year