A small PoC that creates processes in Windows
☆187Jun 6, 2024Updated 2 years ago
Alternatives and similar repositories for CreateProcess
Users that are interested in CreateProcess are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆141Sep 12, 2022Updated 3 years ago
- ☆131Jun 28, 2023Updated 2 years ago
- In-memory token vault BOF for Cobalt Strike☆149Aug 18, 2022Updated 3 years ago
- Writeup of Payload Techniques in C involving Mutants, Session 1 -> Session 0 migration, and Self-Deletion of payloads.☆129Apr 24, 2022Updated 4 years ago
- It stinks☆102Apr 22, 2022Updated 4 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- A PoC implementation for dynamically masking call stacks with timers.☆312Feb 13, 2023Updated 3 years ago
- Silence EDRs by removing kernel callbacks☆240Dec 7, 2020Updated 5 years ago
- Section Mapping Process Injection (secinject): Cobalt Strike BOF☆104Jan 7, 2022Updated 4 years ago
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2☆186Jul 21, 2022Updated 3 years ago
- ☆170Jan 7, 2022Updated 4 years ago
- A Poc on blocking Procmon from monitoring network events☆112Aug 7, 2025Updated 10 months ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆377May 24, 2022Updated 4 years ago
- ☆118Aug 7, 2022Updated 3 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆205Jun 6, 2024Updated 2 years ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- Infect Shared Files In Memory for Lateral Movement☆192Dec 14, 2022Updated 3 years ago
- ☆513Aug 14, 2022Updated 3 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆1,020Jun 4, 2024Updated 2 years ago
- Beacon Object File allowing creation of Beacons in different sessions.☆84May 23, 2022Updated 4 years ago
- A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.☆302Oct 26, 2022Updated 3 years ago
- Dump Citrix Secure Access auth cookie from the process memory☆76Jun 24, 2022Updated 3 years ago
- miscellaneous scripts and programs☆286May 13, 2026Updated 3 weeks ago
- Remove API hooks from a Beacon process.☆284Sep 18, 2021Updated 4 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level☆234Oct 18, 2022Updated 3 years ago
- LdrLoadDll Unhooking☆132Jan 16, 2022Updated 4 years ago
- CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…☆241Jan 4, 2023Updated 3 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆202Jan 13, 2022Updated 4 years ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆536Aug 1, 2022Updated 3 years ago
- Beacon Object File Loader☆295Dec 3, 2023Updated 2 years ago
- ☆153Jan 6, 2023Updated 3 years ago
- ☆27Dec 29, 2021Updated 4 years ago
- KaynLdr is a Reflective Loader written in C/ASM☆554Dec 3, 2023Updated 2 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Nim version of MDSec's Parallel Syscall PoC☆125Apr 4, 2026Updated 2 months ago
- A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.☆142Sep 24, 2021Updated 4 years ago
- ☆121Dec 23, 2022Updated 3 years ago
- ☆246Dec 16, 2022Updated 3 years ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆728Jul 19, 2023Updated 2 years ago
- DLL Hijack Search Order Enumeration BOF☆148Nov 3, 2021Updated 4 years ago
- collection of apis used in malware development☆231Aug 2, 2022Updated 3 years ago