Playing with PE's and Building Structures by Hand
☆22 · Apr 21, 2022 · Updated 3 years ago
Alternatives and similar repositories for HookDetector
Users that are interested in HookDetector are comparing it to the libraries listed below
- PoC for detecting and evading ETW detection of .Net Assembly.Load ☆21 · Aug 26, 2020 · Updated 5 years ago
- Use GZip to compress your .NET assemblies for loading with AssemblyResolve. ☆20 · Apr 11, 2014 · Updated 11 years ago
- C code to enable ETW tracing for Dotnet Assemblies ☆32 · Aug 12, 2022 · Updated 3 years ago
- It's what all the kids are talking about ☆12 · Apr 25, 2023 · Updated 2 years ago
- ☆61 · Feb 10, 2022 · Updated 4 years ago
- A simple PE loader. ☆27 · Dec 9, 2022 · Updated 3 years ago
- A collection of sample code used in some experiments with Sliver C2 ☆16 · Mar 28, 2023 · Updated 2 years ago
- Beacon Object File to locate and suspend the threads hosting the Event Log service ☆29 · Jun 17, 2022 · Updated 3 years ago
- Swift code to run a dylib on disk ☆16 · May 9, 2022 · Updated 3 years ago
- various methods of making API calls ☆19 · Feb 1, 2025 · Updated last year
- Tool to find code cave in PE image (x86 / x64) - Find empty space to place code in PE files ☆71 · Aug 1, 2023 · Updated 2 years ago
- DLL Exports Extraction BOF with optional NTFS transactions. ☆90 · Nov 5, 2021 · Updated 4 years ago
- Create file system symbolic links from low privileged user accounts within PowerShell ☆95 · Jun 20, 2022 · Updated 3 years ago
- Small handy tool for crafting shellcodes by hand. ☆18 · Apr 20, 2022 · Updated 3 years ago
- A PoC weaponising CustomXMLPart for hiding malware code inside of Office document structures. ☆39 · Aug 8, 2022 · Updated 3 years ago
- A small NtCreateUserProcess PoC that spawns a Command prompt. ☆102 · Aug 25, 2022 · Updated 3 years ago
- Simple and sane compression wrapper library. ☆19 · Oct 28, 2022 · Updated 3 years ago
- Bypass Windows Defender syscall ☆18 · Jul 17, 2021 · Updated 4 years ago
- Hides processes from the Windows Task Manager using IAT hooking. ☆22 · Mar 30, 2021 · Updated 4 years ago
- A .NET 4.8 application to retrieve delivr.to emails from Microsoft Outlook via COM ☆20 · Jul 19, 2025 · Updated 7 months ago
- Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR. ☆125 · Apr 9, 2022 · Updated 3 years ago
- A work in progress BOF/COFF loader in Rust ☆50 · Mar 22, 2023 · Updated 2 years ago
- Official implementation for the paper "On deceiving malware classification with section injection" ☆36 · Aug 16, 2022 · Updated 3 years ago
- A PoC on blocking Procmon from monitoring network events ☆111 · Aug 7, 2025 · Updated 6 months ago
- DynamicSyscalls is a library written in .NET that resolves the syscalls dynamically (has nothing to do with hooking/unhooking) ☆66 · Nov 13, 2022 · Updated 3 years ago
- NimicStack is the pure Nim implementation of Call Stack Spoofing technique to mimic legitimate programs ☆95 · Aug 1, 2022 · Updated 3 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC ☆374 · May 24, 2022 · Updated 3 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space ☆91 · Nov 24, 2022 · Updated 3 years ago
- A quick and dirty way to bypass encrypted EPA to connect to a NetScaler Gateway ☆20 · Oct 11, 2019 · Updated 6 years ago
- Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData! ☆75 · Feb 4, 2026 · Updated 3 weeks ago
- ☆170 · Jan 7, 2022 · Updated 4 years ago
- Read Memory without ReadProcessMemory for Current Process ☆92 · Feb 13, 2022 · Updated 4 years ago
- It stinks ☆105 · Apr 22, 2022 · Updated 3 years ago
- A simple program to hook the current process to identify the manual syscall executions on windows ☆265 · Nov 18, 2022 · Updated 3 years ago
- C# version of MDSec's ParallelSyscalls ☆141 · Jan 9, 2022 · Updated 4 years ago
- Creation and removal of Defender path exclusions and exceptions in C#. ☆32 · Nov 1, 2023 · Updated 2 years ago
- Load Encrypted DLL Using LoadLibraryA, Keep The DLL Encrypted on disk all the time and decrypt it only in memory. ☆23 · Sep 5, 2021 · Updated 4 years ago
- Example of using Sleep to create better named pipes. ☆41 · Jul 25, 2023 · Updated 2 years ago
- UUID based Shellcode loader for your favorite C2 ☆86 · Dec 8, 2021 · Updated 4 years ago