Simple PoC to locate hooked functions by EDR in ntdll.dll
☆46Jul 16, 2023Updated 2 years ago
Alternatives and similar repositories for HookFinder
Users that are interested in HookFinder are comparing it to the libraries listed below
Sorting:
- A work in progress BOF/COFF loader in Rust☆50Mar 22, 2023Updated 2 years ago
- rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption.☆17Jan 6, 2024Updated 2 years ago
- ☆101Oct 7, 2023Updated 2 years ago
- abusing Process Hacker driver to terminate other processes (BYOVD)☆82May 23, 2023Updated 2 years ago
- Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload …☆49Nov 2, 2025Updated 4 months ago
- BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR☆21Feb 8, 2024Updated 2 years ago
- Threadless Injection Payload Toolkit☆12Oct 12, 2023Updated 2 years ago
- ☆12Jul 2, 2023Updated 2 years ago
- ☆26Aug 5, 2025Updated 6 months ago
- BOF to decrypt Signal Desktop chat logs☆71Feb 20, 2025Updated last year
- Watches the Downloads folder for any new files and inserts it into Nemesis for analysis.☆15Feb 29, 2024Updated 2 years ago
- ☆64Dec 19, 2024Updated last year
- Small tool to play with IOCs caused by Imageload events☆44May 14, 2023Updated 2 years ago
- Extension functionality for the NightHawk operator client☆26Nov 3, 2023Updated 2 years ago
- A simple BOF that disables some logging with NtSetInformationProcess☆13Oct 13, 2023Updated 2 years ago
- EDR/AV Simulation for Malware Development☆13Oct 21, 2023Updated 2 years ago
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 5 months ago
- Reproducing the SkeletonKey malware.☆11Apr 6, 2024Updated last year
- Windows RPC example calling stubs generated from MS-LSAT and MS-LSAD☆28Jan 4, 2024Updated 2 years ago
- in-process powershell runner for BRC4☆48Oct 31, 2023Updated 2 years ago
- Find .net assemblies locally☆133Oct 14, 2022Updated 3 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- ForsHops☆59Mar 25, 2025Updated 11 months ago
- OMIGOD! OM I GOOD? A free scanner to detect VMs vulnerable to one of the "OMIGOD" vulnerabilities discovered by Wiz's threat research tea…☆20Sep 22, 2021Updated 4 years ago
- C or BOF file to extract WebKit master key to decrypt user cookie☆207Apr 29, 2024Updated last year
- CreateRemoteThreadPlus: how to pass multiple parameters to the remote thread function without shellcode.☆138Jul 10, 2025Updated 7 months ago
- Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible i…☆64Apr 2, 2025Updated 11 months ago
- ☆64May 31, 2024Updated last year
- Block any Process to open HANDLE to your process , only SYTEM is allowed to open handle to your process ,with that you can avoid remote m…☆173Apr 27, 2023Updated 2 years ago
- ELF Beacon Object File (BOF) Template☆19Nov 18, 2024Updated last year
- Tool to enumerate unregistered reply URLs for single and multitenant apps in Azure☆15Jan 23, 2025Updated last year
- Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes☆108Mar 8, 2023Updated 2 years ago
- BOF with Synthetic Stackframe☆230Oct 30, 2025Updated 4 months ago
- PoC XLL builder in Python/Nim☆49Nov 21, 2022Updated 3 years ago
- SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.☆75May 1, 2024Updated last year
- Capture screenshots from .NET using .NET methods or Windows API calls☆66Mar 9, 2020Updated 5 years ago
- Work, timer, and wait callback example using solely Native Windows APIs.☆88Feb 11, 2024Updated 2 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆136Jan 2, 2023Updated 3 years ago
- A bunch of scripts and code i wrote.☆149Nov 7, 2024Updated last year