GhostWriting Injection Technique.
☆196Mar 26, 2018Updated 7 years ago
Alternatives and similar repositories for GhostWriting
Users that are interested in GhostWriting are comparing it to the libraries listed below
Sorting:
- A process injection technique using only thread context manipulation☆41Dec 18, 2023Updated 2 years ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- A simple Linux in-memory .so loader☆33Mar 29, 2023Updated 2 years ago
- Finding Truth in the Shadows☆125Jan 26, 2023Updated 3 years ago
- Sample Rust Hooking Engine☆36Apr 5, 2024Updated last year
- Another approach of Threadless injection discovered by @_EthicalChaos_ in c that loads a module into the target process and stomps it, an…☆185Aug 2, 2023Updated 2 years ago
- Next gen process injection technique☆54Jul 9, 2020Updated 5 years ago
- Aims to identify sleeping beacons☆663Jan 25, 2026Updated last month
- In-memory hiding technique☆63Jan 5, 2025Updated last year
- Linux Sleep Obfuscation☆112Jan 7, 2024Updated 2 years ago
- C++ self-Injecting dropper based on various EDR evasion techniques.�☆426Feb 11, 2024Updated 2 years ago
- ROP-based sleep obfuscation to evade memory scanners☆379Jun 22, 2025Updated 9 months ago
- PoC module to demonstrate automated lateral movement with the Havoc C2 framework.☆309Dec 9, 2023Updated 2 years ago
- A collection of position independent coding resources☆109Nov 15, 2025Updated 4 months ago
- a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor☆112Mar 25, 2024Updated last year
- Threadless Process Injection through entry point hijacking☆351Sep 10, 2024Updated last year
- ☆44Oct 16, 2023Updated 2 years ago
- Encrypted shellcode Injection to avoid Kernel triggered memory scans☆407Sep 12, 2023Updated 2 years ago
- FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++17!☆359Sep 1, 2022Updated 3 years ago
- ☆108Aug 21, 2024Updated last year
- NINA: No Injection, No Allocation x64 Process Injection Technique☆227Jun 9, 2020Updated 5 years ago
- Rootkit for the blue team. Sophisticated and optimized LKM to detect and prevent malicious activity☆34Apr 26, 2024Updated last year
- Threadless shellcode injection tool☆68Aug 5, 2024Updated last year
- Rust implementation of phantom persistence technique documented in https://blog.phantomsec.tools/phantom-persistence☆63Jun 23, 2025Updated 8 months ago
- The Definitive Guide To Process Cloning on Windows☆543Jan 3, 2024Updated 2 years ago
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.☆593Aug 2, 2025Updated 7 months ago
- An In-memory Embedding of CPython☆31May 24, 2021Updated 4 years ago
- Indirect syscalls + DInvoke made simple.☆95Dec 24, 2024Updated last year
- Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll☆500Feb 3, 2022Updated 4 years ago
- Tools for analyzing EDR agents☆278Jun 10, 2024Updated last year
- Cobalt Strike UDRL for memory scanner evasion.☆1,008Jun 4, 2024Updated last year
- Move CS beacon to GPU memory when sleeping☆251Nov 19, 2021Updated 4 years ago
- PoC Implementation of a fully dynamic call stack spoofer☆928Jul 20, 2024Updated last year
- Heap encryption in Nim☆20Aug 25, 2024Updated last year
- Beacon Object File Loader☆293Dec 3, 2023Updated 2 years ago
- A shellcode function to encrypt a running process image when sleeping.☆339Sep 11, 2021Updated 4 years ago
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆559Apr 8, 2025Updated 11 months ago
- Source generator to add D/Invoke and indirect syscall methods to a C# project.☆190Mar 4, 2024Updated 2 years ago
- An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities☆63Aug 25, 2022Updated 3 years ago