Playing with PE's and Building Structures by Hand
☆22Apr 21, 2022Updated 3 years ago
Alternatives and similar repositories for HookDetector
Users that are interested in HookDetector are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- PoC for detecting and evading ETW detection of .Net Assembly.Load☆21Aug 26, 2020Updated 5 years ago
- Use GZip to compress your .NET assemblies for loading with AssemblyResolve.☆20Apr 11, 2014Updated 12 years ago
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- Asynchronous named pipe module for PowerShell☆21May 30, 2016Updated 9 years ago
- ☆60Feb 10, 2022Updated 4 years ago
- NordVPN Special Discount Offer • AdSave on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
- various methods of making API calls☆19Feb 1, 2025Updated last year
- It's what all the kids are talking about☆12Apr 25, 2023Updated 2 years ago
- A Poc on blocking Procmon from monitoring network events☆111Aug 7, 2025Updated 8 months ago
- A collection of sample code used in some experiments with Sliver C2☆16Mar 28, 2023Updated 3 years ago
- Swift code to run a dylib on disk☆16May 9, 2022Updated 3 years ago
- Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR.☆124Apr 9, 2022Updated 4 years ago
- DLL Exports Extraction BOF with optional NTFS transactions.☆90Nov 5, 2021Updated 4 years ago
- A simple PE loader.☆27Dec 9, 2022Updated 3 years ago
- DLL Hijack Search Order Enumeration BOF☆149Nov 3, 2021Updated 4 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- Tool to find code cave in PE image (x86 / x64) - Find empty space to place code in PE files☆72Aug 1, 2023Updated 2 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆378May 24, 2022Updated 3 years ago
- Search files for extensions as well as text within.☆122Sep 28, 2021Updated 4 years ago
- Windows RPC example calling stubs generated from MS-LSAT and MS-LSAD☆28Jan 4, 2024Updated 2 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆91Nov 24, 2022Updated 3 years ago
- Create file system symbolic links from low privileged user accounts within PowerShell☆95Jun 20, 2022Updated 3 years ago
- NimicStack is the pure Nim implementation of Call Stack Spoofing technique to mimic legitimate programs☆95Apr 4, 2026Updated last week
- User-mode implementation of HTTP.SYS. Implements HTTP 1.1 of the "HTTP Server API 2.0" for web servers☆45Feb 17, 2025Updated last year
- Beacon Object File to locate and suspend the threads hosting the Event Log service☆29Jun 17, 2022Updated 3 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- miscellaneous sploit scripts/hacks☆18Feb 3, 2025Updated last year
- Small handy tool for crafting shellcodes by hand.☆18Apr 20, 2022Updated 3 years ago
- ☆26Aug 8, 2021Updated 4 years ago
- ☆170Jan 7, 2022Updated 4 years ago
- Creation and removal of Defender path exclusions and exceptions in C#.☆32Nov 1, 2023Updated 2 years ago
- A simple COM server which provides a component to run shellcode☆148May 12, 2020Updated 5 years ago
- C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic☆144Feb 23, 2022Updated 4 years ago
- Hides processes from the windows task manager using IAT hooking.☆22Mar 30, 2021Updated 5 years ago
- UUID based Shellcode loader for your favorite C2☆86Dec 8, 2021Updated 4 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Simple and sane compression wrapper library.☆19Oct 28, 2022Updated 3 years ago
- A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro…☆275May 3, 2023Updated 2 years ago
- A simple program to hook the current process to identify the manual syscall executions on windows☆267Nov 18, 2022Updated 3 years ago
- In-memory token vault BOF for Cobalt Strike☆149Aug 18, 2022Updated 3 years ago
- Files for http://deniable.org/windows/windows-callbacks☆26Jul 9, 2020Updated 5 years ago
- WTSRM☆215Aug 7, 2022Updated 3 years ago
- Detect strange memory regions and DLLs☆191Jan 20, 2022Updated 4 years ago