☆59Feb 19, 2026Updated last month
Alternatives and similar repositories for hypervinject-poc
Users that are interested in hypervinject-poc are comparing it to the libraries listed below
Sorting:
- A lexer and parser for Sleep☆20Feb 20, 2026Updated last month
- WinDbg plugin to trace module transitions from a debugged driver.☆47Dec 22, 2025Updated 2 months ago
- ntoskrnl .data hooks for UM-KM communication☆54May 26, 2024Updated last year
- Shellcode capable of bypassing EAF / IAF mitigations☆28Apr 11, 2023Updated 2 years ago
- An example of how to use Microsoft Windows Warbird technology☆97Apr 23, 2023Updated 2 years ago
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH☆140Aug 31, 2025Updated 6 months ago
- break link between dll and it file on disk☆12Sep 2, 2024Updated last year
- Threadless Injection Payload Toolkit☆12Oct 12, 2023Updated 2 years ago
- PrimitiveInjection by using Read, Write and Allocation Primitives.☆53Jun 21, 2025Updated 9 months ago
- Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1☆77Sep 8, 2025Updated 6 months ago
- Proof-of-concept implementation of AI-enabled postex DLLs☆54Sep 10, 2025Updated 6 months ago
- ☆61Oct 24, 2025Updated 4 months ago
- Resolve offsets, gadgets and symbols from NTKernel☆56Jan 15, 2026Updated 2 months ago
- Rewrite and obfuscate code in compiled binaries☆274Dec 13, 2025Updated 3 months ago
- Blog/Journal on how to backdoor VSCode extensions☆78Feb 24, 2026Updated 3 weeks ago
- ☆87Jan 21, 2025Updated last year
- ☆42Feb 18, 2025Updated last year
- BOF to decrypt Signal Desktop chat logs☆70Feb 20, 2025Updated last year
- One-header configurable C++20 COFF loader☆21Jul 21, 2025Updated 8 months ago
- Identify common EDR processes, directories, and services. Simple BOF of Invoke-EDRChecker.☆133Oct 4, 2024Updated last year
- MIPS VM to execute payloads without allocating executable memory. Based on a PlayStation 1 (PSX) Emulator.☆126Dec 6, 2024Updated last year
- call gates as stable comunication channel for NT x86 and Linux x86_64☆32Aug 11, 2023Updated 2 years ago
- Cobalt Strike BOF for evasive .NET assembly execution☆309Mar 31, 2025Updated 11 months ago
- Shellcode Loader Utilizing ETW Events☆66Feb 26, 2025Updated last year
- A C++/Asm template for PIC/EXE/DLL malware☆24Aug 12, 2025Updated 7 months ago
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆73Apr 13, 2025Updated 11 months ago
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆79Aug 25, 2025Updated 6 months ago
- ☆18Jun 10, 2025Updated 9 months ago
- NSecSoftBYOVD POC☆58Feb 12, 2026Updated last month
- ☆410Dec 8, 2024Updated last year
- Intel 64/Windows low-level experiments☆63Aug 25, 2025Updated 6 months ago
- List the ETW provider(s) in the registration table of a process.☆80Sep 20, 2023Updated 2 years ago
- Beacon Object File (BOF) to obtain Entra tokens via authcode flow.☆124Jan 17, 2026Updated 2 months ago
- Create stealthy, inline, EPT-like hooks using SMAP and SMEP☆61Oct 19, 2024Updated last year
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- ForsHops☆59Mar 25, 2025Updated 11 months ago
- An advanced utility for converting Windows Portable Executable (PE) files to position-independent code (PIC) shellcode. It enables execut…☆66Mar 1, 2025Updated last year
- Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames☆154Nov 23, 2025Updated 3 months ago
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution☆44Oct 11, 2025Updated 5 months ago