brosck / APIHookingDetectorLinks
「⚙️」Detect which native Windows API's (NtAPI) are being hooked
☆38Updated 9 months ago
Alternatives and similar repositories for APIHookingDetector
Users that are interested in APIHookingDetector are comparing it to the libraries listed below
Sorting:
- ☆47Updated 2 years ago
- ☆60Updated last year
- ☆58Updated 11 months ago
- in-process powershell runner for BRC4☆47Updated last year
- malleable profile generator GUI for Havoc☆55Updated 2 years ago
- Proxy function calls through the thread pool with ease☆29Updated 7 months ago
- .NET profiler DLL loading can be abused to make a legit .NET application load a malicious DLL using environment variables. This exploit i…☆44Updated last year
- Sniffing files generator☆59Updated 7 months ago
- ☆37Updated 6 months ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Updated last year
- Creation and removal of Defender path exclusions and exceptions in C#.☆31Updated last year
- This project is an EDRSandblast fork, adding some features and custom pieces of code.☆23Updated 2 years ago
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…☆26Updated last year
- Python module for running BOFs☆72Updated 2 years ago
- A pure C version of SymProcAddress☆29Updated last year
- Collection of shellcode injection techniques packed in a D/Invoke weaponized DLL☆22Updated 3 years ago
- Run Cobalt Strike BOFs in Brute Ratel C4!☆71Updated 5 months ago
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve☆78Updated last year
- Some of the presentations, workshops, and labs I gave at public conferences.☆34Updated 3 weeks ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆40Updated 2 years ago
- ☆48Updated 2 years ago
- Cobalt Strike Beacon Object File to enable the webdav client service on x64 windows hosts☆22Updated 2 years ago
- Rewrite to fit my needs☆31Updated last year
- miscellaneous codes☆34Updated 2 years ago
- Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies☆47Updated 2 months ago
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆30Updated 8 months ago
- Example of using Sleep to create better named pipes.☆41Updated 2 years ago
- string/file/shellcode encryptor using AES/XOR☆11Updated last year
- PowerShell Implementation of ADFSDump to assist with GoldenSAML☆37Updated 5 months ago
- EvtPsst☆55Updated last year