jdu2600 / Get-InjectedThreadExLinks
Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2
☆41Updated last year
Alternatives and similar repositories for Get-InjectedThreadEx
Users that are interested in Get-InjectedThreadEx are comparing it to the libraries listed below
Sorting:
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆61Updated last year
- Small tool to play with IOCs caused by Imageload events☆42Updated 2 years ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆39Updated last year
- macOS dylib stager☆33Updated 5 months ago
- ☆31Updated 10 months ago
- ☆110Updated 5 months ago
- ☆75Updated 2 years ago
- ☆32Updated 6 months ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆38Updated 11 months ago
- Python module for running BOFs☆70Updated last year
- FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…☆25Updated 2 months ago
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution☆42Updated 11 months ago
- Halos Gate-based NTAPI Unhooker☆52Updated 3 years ago
- A more reliable way of resolving syscall numbers in Windows☆49Updated last year
- A Python script for creating `.lnk` (shortcut) files with embedded encoded data and packaging them into ZIP archives.☆50Updated 5 months ago
- A VSCode devcontainer for development of COFF files with batteries included.☆49Updated last year
- ☆62Updated 5 months ago
- List the ETW provider(s) in the registration table of a process.☆59Updated last year
- shell code example☆49Updated last month
- Piece of code to detect and remove hooks in IAT☆64Updated 3 years ago
- ForsHops☆53Updated 2 months ago
- Ghosting-AMSI☆17Updated last month
- ☆114Updated 2 years ago
- A work in progress BOF/COFF loader in Rust☆50Updated 2 years ago
- ☆30Updated 6 months ago
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich☆16Updated 11 months ago
- Determine if the WebClient Service (WebDAV) is running on a remote system☆19Updated last year
- A C++ PoC implementation for enumerating Windows Fibers directly from memory☆19Updated last year
- Exploiting the KsecDD Windows driver through Server Silos☆72Updated 7 months ago
- Get your data from the resource section manually, with no need for windows apis☆63Updated 8 months ago