hid3rx / GhostWritingLinks
☆33Updated 2 years ago
Alternatives and similar repositories for GhostWriting
Users that are interested in GhostWriting are comparing it to the libraries listed below
Sorting:
- Windows API Call Obfuscation☆109Updated 2 years ago
- Kill Protected Process Light Process (include av)☆58Updated 2 years ago
- Hide Port In Windows☆41Updated 10 months ago
- Windows Kernel Knowledge && Collect Resources on the wire && Nothing innovation by myself &&☆57Updated this week
- IAT-Obfuscation to make static analysis of executable harder.☆44Updated 4 years ago
- Detect BypassUAC using AMSI☆26Updated 7 months ago
- 32 bit process inject shellcode to 32 bit process and 64 bit process☆36Updated 2 years ago
- Implementation of several code injection techniques.☆24Updated 3 years ago
- PoC exploit for HP Hardware Diagnostic's EtdSupp driver☆50Updated 2 years ago
- shellcode生成框架☆87Updated last year
- https://key08.com/index.php/2021/10/19/1375.html☆71Updated 3 years ago
- Just another version of the custom stack call from Proxy-Function-Calls-For-ETwTI☆35Updated 2 years ago
- An implementation of an indirect system call☆131Updated 2 years ago
- shellcode-loaders and beacon-loaders☆70Updated last year
- Call NtCreateUserProcess directly as normal.☆74Updated 3 years ago
- An Obfuscator-LLVM based mingw-w64 toolchain.☆43Updated 3 years ago
- ksc4cpp is a shellcode framework for windows kernel based on C++☆21Updated 2 years ago
- ☆40Updated 2 years ago
- Check if your AV/EDR does inline hooking, displays the hooked functions and allows you to compare them with the original ones.☆35Updated 4 months ago
- Minimal PoC developed as discuss in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html☆142Updated 3 years ago
- Windows Defender VDM lua collections☆48Updated 2 years ago
- ☆56Updated 3 years ago
- Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries.☆31Updated 3 years ago
- 关闭恶意驱动的文件和注册表保护☆13Updated 3 years ago
- POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritti…☆40Updated 3 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆89Updated 2 years ago
- Stack integrity verification to Detect SleepMask or CallStack Spoofer☆37Updated 2 months ago
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆48Updated last year
- 针对windows rootkit的一些检测,分别从进程、端口、文件这三个方面进行检测。☆21Updated 8 months ago
- Simulate per-process disconnection in red team environments☆110Updated 3 months ago