dalvarezperez / CreateFile_based_rootkit
☆131 Updated last year
Related projects
Alternatives and complementary repositories for CreateFile_based_rootkit
- OffensivePH - use old Process Hacker driver to bypass several user-mode access controls ☆329 Updated 3 years ago
- NINA: No Injection, No Allocation x64 Process Injection Technique ☆196 Updated 4 years ago
- Bypassing NTFS permissions to read any files as unprivileged user. ☆187 Updated 4 years ago
- A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints. ☆156 Updated 4 months ago
- Evasive Process Hollowing Techniques ☆134 Updated 4 years ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load(). ☆213 Updated 4 years ago
- Managed assembly shellcode generation ☆264 Updated 3 years ago
- Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread and spoofs the Parent Process. ☆155 Updated 5 years ago
- Shellcoding utilities ☆219 Updated 3 years ago
- Neutering Sysmon via driver unload ☆222 Updated 2 years ago
- A meterpreter extension for applying hooks to avoid windows defender memory scans ☆240 Updated 4 years ago
- Example code for EDR bypassing ☆146 Updated 5 years ago
- Custom Metasploit post module for executing a .NET Assembly from a Meterpreter session ☆341 Updated 4 years ago
- Proxy system calls over an RPC channel ☆96 Updated 2 years ago
- a tool to make it easy and fast to test various forms of injection ☆172 Updated 5 years ago
- Phantom DLL hollowing PoC ☆350 Updated 2 years ago
- Universal Unhooking ☆316 Updated 6 years ago
- Exploit Development - Weaponized Exploit and Proof of Concepts (PoC) ☆216 Updated last year
- 64bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells. ☆127 Updated last year
- A personalized/enhanced re-creation of the Darkhotel "Double Star" APT exploit chain with a focus on Windows 8.1 and mixed with some of m… ☆145 Updated 2 years ago
- Apply a filter to the events being reported by windows event logging ☆260 Updated 3 years ago
- PoC for proxying COM objects when hijacking ☆199 Updated 5 years ago
- Windows 10 Privilege Escalation (magnifier.exe) via Dll Search Order Hijacking ☆136 Updated 4 years ago
- Local privilege escalation PoC exploit for CVE-2019-16098 ☆191 Updated 5 years ago
- Just another Windows Process Injection ☆389 Updated 4 years ago
- https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/ ☆113 Updated 5 years ago
- C# Implementation of the Hell's Gate VX Technique ☆208 Updated 4 years ago