frkngksl / HintInject
A PoC project for embedding shellcode to Hint/Name Table
☆111Updated 2 years ago
Alternatives and similar repositories for HintInject:
Users that are interested in HintInject are comparing it to the libraries listed below
- ☆112Updated 2 years ago
- ☆95Updated 3 years ago
- Patch AMSI and ETW in remote process via direct syscall☆81Updated 2 years ago
- ☆133Updated last year
- Building and Executing Position Independent Shellcode from Object Files in Memory☆157Updated 4 years ago
- Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code.☆99Updated 3 years ago
- Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR☆156Updated 3 years ago
- Overwrite a process's recovery callback and execute with WER☆103Updated 2 years ago
- I have documented all of the AMSI patches that I learned till now☆71Updated last week
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆122Updated 2 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆87Updated 2 years ago
- A Poc on blocking Procmon from monitoring network events☆101Updated 2 years ago
- Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping☆54Updated 2 years ago
- abusing Process Hacker driver to terminate other processes (BYOVD)☆82Updated last year
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆68Updated last year
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆133Updated 2 years ago
- It's pointy and it hurts!☆124Updated 2 years ago
- API Hammering with C++20☆45Updated 2 years ago
- a library that automates some clean syscalls to make it easier to implement☆84Updated 2 years ago
- 64bit WIndows 10 shellcode dat pops dat calc - Dynamic & Null Free☆61Updated 2 years ago
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆171Updated 2 years ago
- ☆47Updated 2 years ago
- Do some DLL SideLoading magic☆80Updated last year
- Enabled / Disable LSA Protection via BYOVD☆66Updated 3 years ago
- Create Anti-Copy DRM Malware☆54Updated 7 months ago
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms☆124Updated 2 years ago
- Identify and exploit leaked handles for local privilege escalation.☆106Updated last year
- Beacon Object File allowing creation of Beacons in different sessions.☆79Updated 2 years ago
- Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes☆103Updated 2 years ago
- Files for http://blog.deniable.org/posts/windows-callbacks/☆73Updated 3 years ago