clod81 / loader_process_hollow_copy_in_chunkView external linksLinks
About C# loader that copies a chunk at the time of the shellcode in memory in a suspended process, rather that all at once
☆13Jul 14, 2022Updated 3 years ago
Alternatives and similar repositories for loader_process_hollow_copy_in_chunk
Users that are interested in loader_process_hollow_copy_in_chunk are comparing it to the libraries listed below
Sorting:
- A small PoC using DInvoke, dynamically mapping a DLL and executing Win32 APIs for process injection.☆10Dec 16, 2021Updated 4 years ago
- Windows Service with the implementation of the Process hollowing technique to run shellcode☆14Jul 20, 2023Updated 2 years ago
- Load CLR to get RWX 通过加载clr在自身内存中产生rwx空间☆22Sep 28, 2022Updated 3 years ago
- Bind shell that uses Named Pipes as transport and execute PowerShell code through Runspaces.☆16Sep 13, 2019Updated 6 years ago
- Phantom DLL Hollowing method implemented in modmap☆18Jun 9, 2021Updated 4 years ago
- Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process☆49Mar 15, 2023Updated 2 years ago
- XDNR is a X0R Cryptor along with DEC/N0T/R0R encoder plus random byte insertion encoder, that generates null free encrypted and encoded s…☆17Jul 12, 2022Updated 3 years ago
- BOF/COFF obj file to PIC(shellcode). by golang☆39Sep 28, 2022Updated 3 years ago
- This project is created for research into antivirus evasion by unhooking.☆18Sep 2, 2021Updated 4 years ago
- Change hash for a signed pe☆17Jul 18, 2023Updated 2 years ago
- Coffee is a loader for ELF (Executable and Linkable Format) object files written in Rust. Coffee是一个用Rust语言编写的ELF object文件的加载器☆63Apr 29, 2024Updated last year
- ☆57Apr 19, 2023Updated 2 years ago
- That guy uses python to bypass anti-virus, goddamn!基于python pyd的shellcode免杀绕过☆65Jun 27, 2023Updated 2 years ago
- CLIPBRDWNDCLASS process injection technique(BOF) - execute beacon shellcode in callback☆68Sep 15, 2022Updated 3 years ago
- OwOwning with the Windows API Examples and Code. DEFCON Furs 2020 presentation.☆13Jan 18, 2024Updated 2 years ago
- A proof of concept of real custom GetProcAddress and GetModuleBaseAddress☆21Jul 9, 2022Updated 3 years ago
- A tracker DLL which enables 'NTAPI->Syscall' tracking whenever it is loaded. It calls 'NtSetInformationProcess' API call with a callback …☆14Oct 21, 2024Updated last year
- A multi coroutine concurrent batch URL survival detection tool written in Go, with concurrency determined by CPU by default.一个go编写的多协程并发批…☆12Jan 9, 2024Updated 2 years ago
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆30Jan 30, 2025Updated last year
- 一个用于修改右键插件菜单层级的Burpsuite插件。A simple BurpSuite extension to change extension context menu level.☆30Feb 4, 2024Updated 2 years ago
- Writeup of Payload Techniques in C involving Mutants, Session 1 -> Session 0 migration, and Self-Deletion of payloads.☆129Apr 24, 2022Updated 3 years ago
- A simple C2 using Google Translate Webpage for data evasion☆12Jan 30, 2023Updated 3 years ago
- 复刻棱眼,对收集到的域名进行反查ip的功能,再将ip整理成c段☆12Nov 7, 2024Updated last year
- 简单版的PE加载器☆12Aug 11, 2020Updated 5 years ago
- Freeze is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls, and alternative execution methods☆14Sep 30, 2022Updated 3 years ago
- A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation☆38Dec 7, 2025Updated 2 months ago
- Using fibers to execute shellcode in a local process via csharp☆28Jan 2, 2022Updated 4 years ago
- Thanks to @d35ha☆13Aug 16, 2021Updated 4 years ago
- C# API for Nidhogg rootkit☆21Apr 25, 2024Updated last year
- This repo contains code of JScript .NET which can be used as alternative to csc.exe to run potentially malicious code, which ships in all…☆13Nov 8, 2019Updated 6 years ago
- Control Panel and Builder (Working)☆10Apr 15, 2017Updated 8 years ago
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- bypass UAC even when configured to always notify user☆29Aug 31, 2021Updated 4 years ago
- Kill Protected Process Light Process (include av)☆58Sep 15, 2023Updated 2 years ago
- Golang implementation of Reflective load PE from memory☆64Jan 10, 2022Updated 4 years ago
- Crypter thingy I made for avoiding automated anti-malware environments. This is to be used for EDUCATIONAL PURPOSES ONLY.☆12Sep 6, 2019Updated 6 years ago
- ☆14Feb 2, 2021Updated 5 years ago
- A C# Tool to gather information about email breaches☆16Dec 21, 2023Updated 2 years ago
- Remote Administration Tool, Server Written in C# and Client Written in C++☆15Dec 8, 2022Updated 3 years ago