hasherezade / module_overloading
A more stealthy variant of "DLL hollowing"
☆348Updated last year
Alternatives and similar repositories for module_overloading:
Users that are interested in module_overloading are comparing it to the libraries listed below
- Phantom DLL hollowing PoC☆360Updated 2 years ago
- A library to develop kernel level Windows payloads for post HVCI era☆403Updated 3 years ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers☆559Updated 2 years ago
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging☆546Updated last year
- FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++17!☆332Updated 2 years ago
- Just another Windows Process Injection☆395Updated 4 years ago
- Universal Unhooking☆321Updated 6 years ago
- A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.☆176Updated 2 weeks ago
- This is a simple example and explanation of obfuscating API resolution via hashing☆235Updated 4 years ago
- Executes 64bit code from a 32bit process☆229Updated 7 years ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code☆202Updated 3 years ago
- Asynchronous Procedure Calls☆224Updated 4 years ago
- Yet another variant of Process Hollowing☆392Updated 3 months ago
- NINA: No Injection, No Allocation x64 Process Injection Technique☆225Updated 4 years ago
- An obfuscation tool for Windows which instruments the Windows Loader into acting as an unpacking engine.☆305Updated 6 years ago
- Extract Windows Defender database from vdm files and unpack it☆440Updated 5 years ago
- APC Internals Research Code☆166Updated 4 years ago
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆213Updated 2 years ago
- Security product hook detection☆318Updated 4 years ago
- Code Injection, Inject malicious payload via pagetables pml4.☆237Updated 3 years ago
- Set of antianalysis techniques found in malware☆132Updated last year
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆217Updated 5 years ago
- ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solution…☆205Updated 2 years ago
- Research on Windows Kernel Executive Callback Objects☆286Updated 5 years ago
- A PoC designed to bypass all usermode hooks in a WoW64 environment.☆149Updated 4 years ago
- OffensivePH - use old Process Hacker driver to bypass several user-mode access controls☆332Updated 3 years ago
- An improvement of the original reflective DLL injection technique by Stephen Fewer of Harmony Security☆324Updated 7 years ago
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆272Updated 4 years ago
- UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red …☆348Updated 2 years ago
- PoC capable of detecting manual syscalls from usermode.☆194Updated 5 months ago