clod81 / loader_process_hollow_copy_in_chunk
About C# loader that copies a chunk at the time of the shellcode in memory in a suspended process, rather that all at once
☆12Updated 2 years ago
Alternatives and similar repositories for loader_process_hollow_copy_in_chunk:
Users that are interested in loader_process_hollow_copy_in_chunk are comparing it to the libraries listed below
- A small PoC using DInvoke, dynamically mapping a DLL and executing Win32 APIs for process injection.☆10Updated 3 years ago
- This project is created for research into antivirus evasion by unhooking.☆15Updated 3 years ago
- Golang wrapper for the Microsoft Antimalware Scan Interface (AMSI)☆11Updated 2 years ago
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods☆14Updated 2 years ago
- Simple .NET profiler shellcode loader☆10Updated 2 years ago
- SyscallLoader☆10Updated 3 years ago
- Ntdll Unhooking POC☆19Updated 2 years ago
- ComObject Shellcode Loader with fake return address☆12Updated 3 years ago
- Thanks to @d35ha☆13Updated 3 years ago
- DLL Unhooking☆12Updated 3 years ago
- impersonate trustedinstaller by fiddling with tokens☆17Updated 3 years ago
- Example of async client/server sockets in .NET 5☆16Updated 3 years ago
- Windows Persistence Collection☆12Updated 3 years ago
- ☆18Updated 3 years ago
- ☆11Updated 2 years ago
- ☆9Updated last year
- ☆11Updated 2 years ago
- Cobalt Strike Malleable Profile Inline Patch Template: A Position Independent Code (PIC) Code Template For Creating Shellcode That Can Be…☆39Updated 4 years ago
- BOF/COFF obj file to PIC(shellcode). by golang☆37Updated 2 years ago
- Windows 7/2008 R2 EoP☆13Updated 4 years ago
- Use current thread token to execute command☆15Updated 4 years ago
- Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDu…☆21Updated 4 years ago
- VEH hook☆11Updated 3 years ago
- 寻找可注入进程☆13Updated 4 years ago
- ☆19Updated 3 years ago
- Terminate the eventlog thread to disable the windows eventlog☆20Updated 4 years ago
- Collection of self-made Red Team tools that have come in handy☆11Updated 5 months ago
- Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code☆22Updated last year
- 针对于AzureAttestService服务的本地提权Eop,微软表示已经进行修复☆2Updated 2 years ago
- unhook etw by golang☆10Updated 3 years ago