idan1288 / PHDetection
Process Hollowing Detection on a live system
☆13Updated 7 years ago
Related projects ⓘ
Alternatives and complementary repositories for PHDetection
- Clone running process with ZwCreateProcess☆58Updated 4 years ago
- Bypass UAC by abusing the Security Center CPL and hijacking a shell protocol handler☆26Updated 3 years ago
- ☆31Updated 4 years ago
- ☆57Updated 2 years ago
- Simple PE Packer Which Encrypts .text Section☆49Updated 7 years ago
- PoC for detecting and dumping process hollowing code injection☆50Updated 6 years ago
- ☆17Updated 3 years ago
- Process Injection without R/W target memory and without creating a remote thread☆19Updated 2 years ago
- Remote PE reflective injection with a simple reflective loader☆29Updated 5 years ago
- A ready-made template for a project based on libpeconv.☆41Updated last month
- Tiny driver patch to allow kernel callbacks to work on Win10 21h1☆31Updated 2 years ago
- Sysmon shenanigans☆65Updated 4 years ago
- Dumps information about all the callback objects found in a dump file and the functions registered for them☆34Updated 4 years ago
- Command like tool to print mitigation flags for running processes in a memory dump☆44Updated 4 years ago
- APC DLL Injector with NtQueueApcThread and wake up thread support☆44Updated 7 years ago
- ☆27Updated 2 years ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆68Updated 5 years ago
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell.☆69Updated 3 years ago
- ☆15Updated 3 years ago
- Six cases demonstrating methods of optimizing GetProcAddress☆17Updated 2 years ago
- ☆16Updated 4 years ago
- ☆19Updated 4 years ago
- ☆36Updated 2 years ago
- ☆29Updated 2 years ago
- PoC for hiding PE exports☆65Updated 3 years ago
- Local OXID Resolver (LCLOR) : Research and Tooling☆33Updated 3 years ago