coldpon / ring3-hidden
Hide processes, files, services in Windows ring3
☆21Updated 5 months ago
Related projects ⓘ
Alternatives and complementary repositories for ring3-hidden
- An implementation of an indirect system call☆116Updated last year
- shellcode生成框架☆80Updated 4 months ago
- vehsyscall:a syscall project that may bypass EDR☆46Updated 8 months ago
- A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal console builder.☆33Updated 2 months ago
- IDA Python script for generating Windows x86 shellcode with one click☆35Updated last year
- Load static-compiled PE from remote server.☆58Updated 2 years ago
- Windows Kernel Knowledge && Collect Resources on the wire && Nothing innovation by myself &&☆52Updated this week
- bring your own vulnerable driver☆81Updated last year
- 简单安排一下 autochk.sys 这个rootkit☆67Updated last year
- ☆20Updated last year
- Kill Protected Process Light Process (include av)☆54Updated last year
- Beacon compiled using clang☆59Updated last year
- 利用物理内存映射,实现虚拟内存的伪隐藏☆73Updated 2 years ago
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆33Updated 6 months ago
- ☆27Updated last year
- 32 bit process inject shellcode to 32 bit process and 64 bit process☆28Updated last year
- Abuse Xwizard.exe for DLL Side-Loading☆83Updated last year
- windwos内核研究与驱动Code☆60Updated 2 years ago
- power-kill is a project that kill protected processes (such as EDR or AV) by injecting shellcode into high privilege processes☆46Updated 3 years ago
- 通杀检测基于白文件patch黑代码的免杀技术的后门☆101Updated 3 months ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆96Updated last year
- Use COM Component Bypass UAC,Dll Version☆32Updated 3 years ago
- https://key08.com/index.php/2021/10/19/1375.html☆62Updated 2 years ago
- ShadeLoader is a shellcode loader designed to bypass most antivirus software. 壳代码, 杀毒软件, 绕过☆38Updated 3 months ago
- Windows API Call Obfuscation☆93Updated last year
- Process Injection via Component Object Model (COM) IRundown::DoCallback().☆54Updated last year
- Simple Shellcode Loader Using 'Syscall' 'Detours' 'Simple hijacking Shellcode' 'Dynamic Function' to ByPass☆15Updated 8 months ago
- 内存加载DLL 支持X86和X64(Memory PELoader Support X86 and X64)☆30Updated last year