cod3nym / Ghosting-AMSILinks
Ghosting-AMSI
☆17Updated 3 months ago
Alternatives and similar repositories for Ghosting-AMSI
Users that are interested in Ghosting-AMSI are comparing it to the libraries listed below
Sorting:
- Adaptive DLL hijacking / dynamic export forwarding - EAT preserve☆78Updated last year
- A more reliable way of resolving syscall numbers in Windows☆53Updated last year
- Bypasses AMSI protection through remote memory patching and parsing technique.☆48Updated 3 months ago
- ☆76Updated last year
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆40Updated 2 years ago
- ☆57Updated 10 months ago
- A synergized Visual Studio and Rust development environment☆19Updated 7 months ago
- ☆79Updated last year
- various methods of making API calls☆19Updated 6 months ago
- A simple commandline application to automatically decrypt strings from Obfuscator protected binaries☆46Updated last year
- ☆29Updated last year
- ☆59Updated last year
- ☆35Updated 4 months ago
- Blog/Journal on how to backdoor VSCode extensions☆73Updated last month
- RPC to WebClient startup☆34Updated last week
- FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…☆26Updated 4 months ago
- A Proof-of-Concept implementation of Reflective DLL Injection (RDI) specifically for Windows on ARM64. Demonstrates PEB access via the x1…☆25Updated 2 months ago
- A set of rootkit-like abilities for unprivileged users, and vulnerabilities based on the DOT-to-NT path conversion known issue☆99Updated last year
- macOS dylib stager☆36Updated 7 months ago
- Linux Sleep Obfuscation☆105Updated last year
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆60Updated last year
- Find DLLs with RWX section☆81Updated 2 years ago
- A simple C++ Windows tool to get information about processes exposing named pipes.☆38Updated 5 months ago
- Sniffing files generator☆59Updated 6 months ago
- A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …☆50Updated 7 months ago
- A bunch of shenanigans using functions, VEH and more☆32Updated 2 months ago
- Demoting PPL anti-malware services to less than a guest user☆64Updated 6 months ago
- Work, timer, and wait callback example using solely Native Windows APIs.☆89Updated last year
- Some of the presentations, workshops, and labs I gave at public conferences.☆33Updated 3 months ago
- ☆108Updated 9 months ago