Alternatives and similar repositories for Introduction-to-Process-Hollowing

Users that are interested in Introduction-to-Process-Hollowing are comparing it to the libraries listed below

• RedSiege / What-The-F
  This repo hosts a poc of how to execute F# code within an unmanaged process
  ☆70Updated last year
• Helixo32 / SimpleEDR
  Simple EDR that injects a DLL into a process to place a hook on specific Windows API
  ☆96Updated 2 years ago
• HuskyHacks / the-crown-defcon615
  Repo for The Crown: Exploratory Analysis of Nim Malware DEF CON 615 talk
  ☆46Updated 4 years ago
• Pascal-0x90 / sideloadr
  Small Python tool to do DLL Sideloading (and consequently, other DLL attacks).
  ☆58Updated 3 years ago
• itaymigdal / GhostNap
  Sleep obfuscation for shellcode implants and their reflective shit
  ☆53Updated 2 years ago
• vatsalgupta67 / Process-Hollowing
  Red Team Operation's Defense Evasion Technique.
  ☆56Updated last year
• daddycocoaman / dumpscan
  Finding secrets in kernel and user memory
  ☆116Updated 2 years ago
• ScriptIdiot / SysmonQuiet
  RDLL for Cobalt Strike beacon to silence sysmon process
  ☆92Updated 3 years ago
• frkngksl / NimicStack
  NimicStack is the pure Nim implementation of Call Stack Spoofing technique to mimic legitimate programs
  ☆96Updated 3 years ago
• frkngksl / ParallelNimcalls
  Nim version of MDSec's Parallel Syscall PoC
  ☆124Updated 4 years ago
• zimnyaa / xyrella
  PoC XLL builder in Python/Nim
  ☆49Updated 3 years ago
• mgeeky / msi-shenanigans
  Proof of Concept code and samples presenting emerging threat of MSI installer files.
  ☆90Updated 3 years ago
• RenderZ0n3 / Malware-Development
  ☆10Updated 2 years ago
• assume-breach / Malware_Project
  ☆33Updated 3 years ago
• outflanknl / Training-MSOfficeOffensiveTradecraft
  Info related to the Outflank training: Microsoft Office Offensive Tradecraft
  ☆52Updated last year
• boku7 / Nobelium-PdfDLRunAesShellcode
  A recreation of the "Nobelium" malware based on Microsofts Malware analysis - Part 1: PDF2Pwn
  ☆101Updated 2 years ago
• ZeroMemoryEx / SleepKiller
  Bypass Malware Time Delays
  ☆108Updated 3 years ago
• itaymigdal / PichichiH0ll0wer
  Nim process hollowing loader
  ☆62Updated 6 months ago
• VirtualAlllocEx / Taskschedule-Persistence-Download-Cradles
  Depending on the AV/EPP/EDR creating a Taskschedule Job with a default cradle is often flagged
  ☆88Updated 3 years ago
• DISREL / Conti-Leaked-Playbook-TTPs
  MITRE TTPs derived from Conti's leaked playbooks from XSS.IS
  ☆41Updated 4 years ago
• S3cur3Th1sSh1t / Nim_DInvoke
  D/Invoke implementation in Nim
  ☆103Updated 3 years ago
• Bl4ckM1rror / PEAs
  ☆61Updated 2 years ago
• codewhitesec / SysmonEnte
  ☆78Updated 3 years ago
• knight0x07 / BumbleCrypt
  A Bumblebee-inspired Crypter
  ☆80Updated 3 years ago
• Octoberfest7 / BeatRev
  POC for frustrating/defeating Malware Analysts
  ☆158Updated 3 years ago
• tccontre / Reg-Restore-Persistence-Mole
  a short C code POC to gain persistence and evade sysmon event code registry (creation, update and deletion) REG_NOTIFY_CLASS Registry Cal…
  ☆65Updated 2 years ago
• tothi / stager_libpeconv
  A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading
  ☆84Updated 3 years ago
• dis0rder0x00 / CanYouCTheThief
  A C implementation of the Sektor7 "A Thief" Windows privesc technique.
  ☆70Updated 3 years ago
• netbiosX / GhostLoader
  GhostLoader - AppDomainManager - Injection - 攻壳机动队
  ☆53Updated 5 years ago
• peiga / DumpThatLSASS
  Dumping LSASS by Unhooking MiniDumpWriteDump by getting a fresh DbgHelp.dll copy from the disk , plus functions and strings obfuscation
  ☆31Updated 3 years ago