lleon1435 / Kernel_VADInjector
Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver
☆51Updated 11 months ago
Related projects: ⓘ
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆24Updated last year
- ☆67Updated this week
- Reimplementation of the KExecDD DSE bypass technique.☆42Updated last week
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆41Updated 6 months ago
- Windows AppLocker Driver (appid.sys) LPE☆30Updated last month
- ☆33Updated last year
- In-memory hiding technique☆36Updated 3 months ago
- ☆68Updated 3 weeks ago
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 2 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated last year
- API Hammering with C++20☆34Updated 2 years ago
- Research into removing strings & API call references at compile-time (Anti-Analysis)☆22Updated 3 months ago
- ☆26Updated 2 months ago
- This program is used to perform reflective DLL Injection to a remote process specified by the user.☆61Updated last year
- Section-based payload obfuscation technique for x64☆59Updated last month
- ☆23Updated 10 months ago
- Splitting and executing shellcode across multiple pages☆98Updated last year
- Hooked create process injection for meterpreter☆23Updated 3 years ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆52Updated last month
- Enabled / Disable LSA Protection via BYOVD☆61Updated 2 years ago
- ☆38Updated this week
- This is my own implementation of the Perun's Fart technique by Sektor7☆64Updated 2 years ago
- ☆23Updated 4 months ago
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…☆20Updated this week
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆55Updated last year
- Set the process mitigation policy for loading only Microsoft Modules , and block any userland 3rd party modules☆41Updated last year
- A direct improvement to remote TLS Injection.☆15Updated 3 months ago
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆31Updated last year
- Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE☆63Updated last year
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆34Updated 9 months ago