call-042PE / UCantSeeM3Links
Hiding your process in ProcessHacker,Task Manager,etc by patching NtQuerySystemInformation
☆88Updated 4 years ago
Alternatives and similar repositories for UCantSeeM3
Users that are interested in UCantSeeM3 are comparing it to the libraries listed below
Sorting:
- A Bumblebee-inspired Crypter☆78Updated 2 years ago
- A string obfuscator for .NET apps, built to evade static string analysis.☆109Updated 2 years ago
- AmsiScanBufferBypass using D/Invoke☆136Updated 4 years ago
- Extracting Syscall Stub, Modernized☆66Updated 3 years ago
- Bypassing windows uac, however its an old approach/method but its still unpatched ¯\_(ツ)_/¯☆44Updated 4 years ago
- 💻 Windows 10 Kernel-mode rootkit☆32Updated 3 years ago
- A simple PoC to demonstrate that is possible to write Non writable memory and execute Non executable memory on Windows☆53Updated 4 years ago
- Overwrite a process's recovery callback and execute with WER�☆103Updated 3 years ago
- Recreating and reviewing the Windows persistence methods☆39Updated 4 years ago
- A small tool I made to dump the export table of PE files. The primary use case was intended for use within DLL proxying.☆71Updated 3 years ago
- Small PoC of using a Microsoft signed executable as a lolbin.☆139Updated 2 years ago
- How to spoof the command line when spawning a new process from C#.☆110Updated 3 years ago
- (Sim)ulate (Ba)zar Loader☆29Updated 5 years ago
- Evasive Process Hollowing Techniques☆142Updated 5 years ago
- ☆41Updated 4 years ago
- From directory deletion to SYSTEM shell☆111Updated 5 years ago
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell.☆74Updated 4 years ago
- Bypass UAC by abusing the Internet Explorer Add-on installer☆55Updated 4 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆97Updated 6 years ago
- Grab Firefox post requests by hooking PR_Write function from nss3.dll module using trampoline hook to get passwords and emails of users☆42Updated 3 years ago
- Deleting Shadow Copies In Pure C++☆116Updated 3 years ago
- 64bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups Administrators & "Remote Desktop Users"☆40Updated 4 years ago
- ☆16Updated 4 years ago
- A Poc on blocking Procmon from monitoring network events☆108Updated 3 months ago
- Injects shellcode into remote processes using direct syscalls☆77Updated 4 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆90Updated 2 years ago
- A novel technique to communicate between threads using the standard ETHREAD structure☆114Updated 4 years ago
- Shellcodev is a tool designed to help and automate the process of shellcode creation.☆111Updated 2 years ago
- Easy XOR string encryption for NET based binaries☆140Updated 2 years ago
- ☆83Updated last year