SetupHijack is a security research tool that exploits race conditions and insecure file handling in Windows applications installer and update processes.
☆262Feb 2, 2026Updated last month
Alternatives and similar repositories for SetupHijack
Users that are interested in SetupHijack are comparing it to the libraries listed below
Sorting:
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆79Aug 25, 2025Updated 6 months ago
- Windows rootkit designed to work with BYOVD exploits☆216Jan 18, 2025Updated last year
- "Service-less" driver loading☆184Nov 28, 2024Updated last year
- ☆38Apr 15, 2025Updated 10 months ago
- Process Injection using Thread Name☆306Apr 18, 2025Updated 10 months ago
- early cascade injection PoC based on Outflanks blog post, in rust☆62Nov 8, 2024Updated last year
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆73Apr 13, 2025Updated 10 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆54May 12, 2025Updated 9 months ago
- This code silently installs Chrome extensions on Mac, Windows, and Linux☆130Jul 22, 2025Updated 7 months ago
- Internal Monologue BOF☆79Dec 28, 2024Updated last year
- various methods of making API calls☆19Feb 1, 2025Updated last year
- Lateral movement with DCOM DLL hijacking☆176Jul 4, 2025Updated 8 months ago
- A modern, web-based GUI for Hashcat that provides an intuitive interface for hash cracking operations, featuring real-time monitoring, pe…☆34Mar 5, 2025Updated last year
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆167Sep 22, 2025Updated 5 months ago
- Bypass user-land hooks by syscall tampering via the Trap Flag☆138Aug 25, 2025Updated 6 months ago
- Project for generating and identifying deceptive LNK files.☆251Updated this week
- Finding Truth in the Shadows☆123Jan 26, 2023Updated 3 years ago
- This is the tool to dump the LSASS process on modern Windows 11☆560Nov 1, 2025Updated 4 months ago
- Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…☆199Jun 17, 2025Updated 8 months ago
- EDRStartupHinder: A red team tool to prevent Antivirus and EDR from running.☆187Jan 11, 2026Updated last month
- A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread☆30Sep 24, 2025Updated 5 months ago
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow☆18Jun 26, 2025Updated 8 months ago
- Terminate AV/EDR processes by exploiting the vulnerable NsecSoft driver☆33Sep 15, 2025Updated 5 months ago
- Reimplementation of the KExecDD DSE bypass technique.☆59Sep 7, 2024Updated last year
- Sleep obfuscation☆268Dec 13, 2024Updated last year
- ACL Viewer for Windows☆133May 4, 2025Updated 10 months ago
- A runtime for developing large-scale and complex shellcode.☆22Updated this week
- Mythic C2 Agent written in x64 PIC C☆84Jan 29, 2025Updated last year
- A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTA…☆354Apr 26, 2025Updated 10 months ago
- BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions☆345Nov 19, 2024Updated last year
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆57Apr 14, 2025Updated 10 months ago
- Fast covert timing channel communication for inter-process and inter-processor communication on Windows systems.☆69Nov 15, 2025Updated 3 months ago
- Linker for Beacon Object Files☆159Feb 22, 2026Updated last week
- A modern Rust implementation of the original Stardust project, providing a sophisticated 32/64-bit shellcode template that features posit…☆59Mar 17, 2025Updated 11 months ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆283Sep 18, 2024Updated last year
- Find jmp gadgets for call stack spoofing.☆75Oct 1, 2025Updated 5 months ago
- Rust crate to run commands as another user☆54Feb 12, 2026Updated 3 weeks ago
- This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.☆295Nov 1, 2025Updated 4 months ago
- Implementing Ghostly-Hollowing using tampered syscalls for remote PE injection☆71Dec 26, 2025Updated 2 months ago