Hollow Process / Dynamic Forking / RunPE injection technique implemented in Python
☆54Jun 18, 2021Updated 4 years ago
Alternatives and similar repositories for HollowProcess
Users that are interested in HollowProcess are comparing it to the libraries listed below
- ☆14Sep 22, 2019Updated 6 years ago
- CVE-2017-4878 Samples - http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html☆18Feb 5, 2018Updated 8 years ago
- ☆92Apr 17, 2021Updated 4 years ago
- HTTP/HTTPS/DNS inspector (windows driver)☆27Feb 20, 2019Updated 7 years ago
- A Windows Remote Administration Tool in Visual Basic with UNC paths☆23Apr 19, 2019Updated 6 years ago
- Win32 API Hook detection☆10Oct 1, 2017Updated 8 years ago
- ☆13Jun 1, 2021Updated 4 years ago
- A tool for scanning registry key permissions. Find where non-admins can create symbolic links.☆45Oct 30, 2019Updated 6 years ago
- A simple parser (library) which extracts shimcache data from windows.☆15May 20, 2019Updated 6 years ago
- This tool allows you to stealthily inject a DLL into a process.☆14Jul 11, 2015Updated 10 years ago
- Simple Process Hollowing in C#☆68Oct 23, 2017Updated 8 years ago
- PE Infector/Cryptor source code☆16Apr 30, 2017Updated 8 years ago
- Windows log and threat hunting with powershell☆16Dec 11, 2020Updated 5 years ago
- Automatic inspection, filtering and monitoring of windows-api content☆15May 30, 2017Updated 8 years ago
- Proof of Concept code for CVE-2020-0728☆47Feb 12, 2020Updated 6 years ago
- CVE-2019-0708 - BlueKeep (RDP)☆40Jun 14, 2020Updated 5 years ago
- Scan and edit memory using WinAPI functions such as ReadProcessMemory and WriteProcessMemory☆50Sep 25, 2017Updated 8 years ago
- win32k use-after-free poc☆71Apr 22, 2020Updated 5 years ago
- Windows kernel-mode callbacks tutorial driver☆48Aug 8, 2016Updated 9 years ago
- Shellcode injection testing tool☆52Aug 5, 2019Updated 6 years ago
- C# DCOM Execution☆17Aug 4, 2019Updated 6 years ago
- Aurora Remote Administration Tool☆20Apr 16, 2018Updated 7 years ago
- ☆16Feb 26, 2018Updated 8 years ago
- PoC for detecting and dumping process hollowing code injection☆52Oct 23, 2018Updated 7 years ago
- ☆135Dec 15, 2019Updated 6 years ago
- Create a C++ PE which loads an XTEA-crypted .NET PE shellcode in memory.☆17Sep 29, 2018Updated 7 years ago
- Reverse engineering the Avira antivirus driver: avdevprot☆24Dec 3, 2017Updated 8 years ago
- An attempt at Process Doppelgänging☆183Dec 21, 2017Updated 8 years ago
- Asynchronous named pipe module for PowerShell☆21May 30, 2016Updated 9 years ago
- Persistent through COM Hijacking☆22Jan 15, 2019Updated 7 years ago
- Fud Runpe Av Evasion / All Av Bypass☆32Feb 24, 2023Updated 3 years ago
- CVE-2020-5837 exploit☆43May 13, 2020Updated 5 years ago
- Allow a Go process to dynamically load .NET assemblies☆150Mar 28, 2020Updated 5 years ago
- Logs instruction hits to a file which can be fed into IDA Pro to highlight which instructions were called.☆42Jul 5, 2013Updated 12 years ago
- ☆94Nov 16, 2018Updated 7 years ago
- poc for cve-2025-53772☆46Dec 10, 2025Updated 2 months ago
- RDP Credential Provider☆11Oct 29, 2025Updated 4 months ago
- ☆93Nov 1, 2018Updated 7 years ago
- A quick and dirty .NET "Deserialize_*" fuzzer based on James Forshaw's (@tiraniddo) DotNetToJScript.☆42Nov 10, 2018Updated 7 years ago