itaymigdal / PichichiH0ll0wer
Nim process hollowing loader
☆47, updated last month
Related projects:
- PoC XLL builder in Python/Nim (☆40, updated last year)
- IoctlHunter is a command-line tool designed to simplify the analysis of IOCTL calls made by userland software targeting Windows drivers. (☆83, updated 8 months ago)
- Do some DLL SideLoading magic (☆72, updated last year)
- RDLL for Cobalt Strike beacon to silence the Sysmon process (☆85, updated 2 years ago)
- Rootkit for the blue team. Sophisticated and optimized LKM to detect and prevent malicious activity (☆33, updated 4 months ago)
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE. (☆32, updated 8 months ago)
- Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype… (☆106, updated 11 months ago)
- Tool for playing with Windows Access Token manipulation. (☆50, updated last year)
- A simple PoC showcasing the ability of an admin to suspend an EDR's protected processes, making it useless (☆39, updated 2 months ago)
- NidhoggScript is a tool to generate a "script" file that allows execution of multiple commands for Nidhogg (☆46, updated 6 months ago)
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity) (☆43, updated 4 months ago)
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge … (☆151, updated last year)
- Threadless shellcode injection tool (☆56, updated last month)
- Python module for running BOFs (☆63, updated last year)
- Splitting and executing shellcode across multiple pages (☆98, updated last year)
- An improved memory obfuscation primitive using a combination of special and 'normal' Asynchronous Procedure Calls (APCs) (☆99, updated this week)
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly (☆50, updated 6 months ago)
- Utilities for obfuscating shellcode (☆38, updated 2 months ago)
- A more reliable way of resolving syscall numbers in Windows (☆49, updated 7 months ago)
- Lateral Movement via the .NET Profiler (☆74, updated 3 months ago)
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution (☆31, updated 2 months ago)
- A C# Solution Source Obfuscator for avoiding AV signatures with minimal user interaction. Powered by the Roslyn C# library. (☆69, updated 4 years ago)
- Just another ntdll unhooking using the Perun's Fart technique (☆70, updated last year)
- It's pointy and it hurts! (☆120, updated last year)
- Patch AMSI and ETW in remote process via direct syscall (☆78, updated 2 years ago)