A small PoC that creates processes in Windows
☆187Jun 6, 2024Updated last year
Alternatives and similar repositories for CreateProcess
Users that are interested in CreateProcess are comparing it to the libraries listed below
Sorting:
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆140Sep 12, 2022Updated 3 years ago
- miscellaneous scripts and programs☆277Jan 23, 2025Updated last year
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- It stinks☆105Apr 22, 2022Updated 3 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆374May 24, 2022Updated 3 years ago
- Writeup of Payload Techniques in C involving Mutants, Session 1 -> Session 0 migration, and Self-Deletion of payloads.☆129Apr 24, 2022Updated 3 years ago
- ☆170Jan 7, 2022Updated 4 years ago
- ☆126Jun 28, 2023Updated 2 years ago
- In-memory token vault BOF for Cobalt Strike☆149Aug 18, 2022Updated 3 years ago
- Silence EDRs by removing kernel callbacks☆239Dec 7, 2020Updated 5 years ago
- ☆118Aug 7, 2022Updated 3 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆1,006Jun 4, 2024Updated last year
- Beacon Object File Loader☆293Dec 3, 2023Updated 2 years ago
- ☆152Jan 6, 2023Updated 3 years ago
- ☆505Aug 14, 2022Updated 3 years ago
- A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from LSASS process.☆301Oct 26, 2022Updated 3 years ago
- A PoC implementation for dynamically masking call stacks with timers.☆308Feb 13, 2023Updated 3 years ago
- Infect Shared Files In Memory for Lateral Movement☆193Dec 14, 2022Updated 3 years ago
- Section Mapping Process Injection (secinject): Cobalt Strike BOF☆102Jan 7, 2022Updated 4 years ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆536Aug 1, 2022Updated 3 years ago
- ☆121Dec 23, 2022Updated 3 years ago
- collection of apis used in malware development☆229Aug 2, 2022Updated 3 years ago
- ☆274Jan 14, 2023Updated 3 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆202Jun 6, 2024Updated last year
- Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2☆187Jul 21, 2022Updated 3 years ago
- KaynLdr is a Reflective Loader written in C/ASM☆554Dec 3, 2023Updated 2 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆202Jan 13, 2022Updated 4 years ago
- Minimal PoC developed as discuss in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html☆144May 10, 2022Updated 3 years ago
- Nim version of MDSec's Parallel Syscall PoC☆123Jan 14, 2022Updated 4 years ago
- Remove API hooks from a Beacon process.☆282Sep 18, 2021Updated 4 years ago
- ☆137Aug 2, 2022Updated 3 years ago
- POC tool to convert CobaltStrike BOF files to raw shellcode☆220Nov 5, 2021Updated 4 years ago
- ☆246Dec 16, 2022Updated 3 years ago
- Beacon Object File allowing creation of Beacons in different sessions.☆83May 23, 2022Updated 3 years ago
- A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.☆143Sep 24, 2021Updated 4 years ago
- DLL Hijack Search Order Enumeration BOF☆149Nov 3, 2021Updated 4 years ago
- Sleep Obfuscation☆816Dec 3, 2023Updated 2 years ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆718Jul 19, 2023Updated 2 years ago
- Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level☆235Oct 18, 2022Updated 3 years ago