iilegacyyii / ExportDumper
A small tool I made to dump the export table of PE files. The primary use case was intended for use within DLL proxying.
☆66 · Updated 2 years ago
Related projects:
- ☆74 · Updated 3 weeks ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space ☆120 · Updated last year
- A PoC on blocking Procmon from monitoring network events ☆96 · Updated 2 years ago
- ☆97 · Updated last year
- Small PoC of using a Microsoft signed executable as a lolbin. ☆131 · Updated last year
- Detours implementation (x64/x86) which used only ntdll import ☆85 · Updated 3 months ago
- A Bumblebee-inspired Crypter ☆79 · Updated last year
- Single stub direct and indirect syscalling with runtime SSN resolving for Windows. ☆126 · Updated 2 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct system calls, DLL unhooking and RC4 payload decryption ☆79 · Updated last year
- Enable / Disable LSA Protection via BYOVD ☆61 · Updated 2 years ago
- ☆96 · Updated 2 years ago
- DLL injection through code page id modification in registry. Based on jonas lykk research ☆116 · Updated last year
- A small NtCreateUserProcess PoC that spawns a Command prompt. ☆83 · Updated 2 years ago
- Minifilter Callback Patching Proof-of-Concept ☆59 · Updated last year
- Overwrite a process's recovery callback and execute with WER ☆100 · Updated 2 years ago
- Piece of code to detect and remove hooks in IAT ☆51 · Updated 2 years ago
- It's pointy and it hurts! ☆120 · Updated last year
- A kernel vulnerability used to achieve arbitrary read-write on Windows prior to July 2022 ☆103 · Updated last year
- Your NTDLL vaccine from modern direct syscall methods. ☆35 · Updated 2 years ago
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process ☆86 · Updated 2 years ago
- Files for http://blog.deniable.org/posts/windows-callbacks/ ☆67 · Updated 2 years ago
- ☆105 · Updated this week
- Experiment on reproducing Obfuscate & Sleep ☆136 · Updated 3 years ago
- ☆68 · Updated 3 weeks ago
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge … ☆151 · Updated last year
- ☆100 · Updated this week
- Sleep Obfuscation ☆39 · Updated last year
- An initial proof of concept of a bootkit based on Cr4sh's DMABackdoorBoot ☆56 · Updated last year
- A library that automates some clean syscalls to make it easier to implement ☆80 · Updated last year
- Next gen process injection technique ☆41 · Updated 4 years ago