m417z / winapiexec

Related projects ⓘ

Alternatives and complementary repositories for winapiexec

• zodiacon / TotalPE2
  PE Viewer
  ☆151Updated last week
• m417z / global-inject-demo
  A global injection and hooking example
  ☆123Updated last year
• zodiacon / ObjectExplorer
  Explore Kernel Objects on Windows
  ☆200Updated 9 months ago
• cyberark / RPCMon
  RPC Monitor tool based on Event Tracing for Windows
  ☆328Updated 2 months ago
• APTortellini / unDefender
  Killing your preferred antimalware by abusing native symbolic links and NT paths.
  ☆351Updated 2 years ago
• KiFilterFiberContext / warbird-hook
  Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
  ☆236Updated 2 years ago
• LloydLabs / ntqueueapcthreadex-ntdll-gadget-injection
  This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …
  ☆231Updated last year
• zodiacon / sysrun
  Run any executable as SYSTEM account (no service required)
  ☆121Updated 5 months ago
• m417z / ntdoc
  Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
  ☆157Updated last week
• tastypepperoni / RunAsWinTcb
  ☆134Updated 2 years ago
• NtQuerySystemInformation / CustomKeyboardLayoutPersistence
  Achieve execution using a custom keyboard layout
  ☆161Updated last year
• Mr-Un1k0d3r / WindowsDllsExport
  A list of all the DLLs export in C:\windows\system32\
  ☆211Updated 2 years ago
• MzHmO / SymProcAddress
  Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)
  ☆137Updated 7 months ago
• thesecretclub / SandboxBootkit
  Bootkit for Windows Sandbox to disable DSE/PatchGuard.
  ☆258Updated 3 weeks ago
• VirtualAlllocEx / Direct-Syscalls-vs-Indirect-Syscalls
  The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
  ☆164Updated 9 months ago
• Yaxser / COFFLoader2
  Load and execute COFF files and Cobalt Strike BOFs in-memory
  ☆193Updated 2 years ago
• utoni / PastDSE
  DSE bypass using a leaked cert and adjusting the current clock.
  ☆133Updated 2 years ago
• nccgroup / DetectWindowsCopyOnWriteForAPI
  Enumerate various traits from Windows processes as an aid to threat hunting
  ☆183Updated 2 years ago
• mdsecactivebreach / com_inject
  ☆182Updated 2 years ago
• 0xf005ba11 / vmplex-ws
  A tabbed UI for Microsoft's Hyper-V
  ☆202Updated 2 months ago
• milkdevil / injectAllTheThings
  ☆72Updated 7 years ago
• rainerzufalldererste / windows_x64_shellcode_template
  An easily modifiable shellcode template for Windows x64 written in C
  ☆194Updated last year
• mgeeky / UnhookMe
  UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red …
  ☆341Updated 2 years ago
• am0nsec / wspe
  Windows System Programming Experiments
  ☆216Updated 2 years ago
• csandker / InterProcessCommunication-Samples
  Some Code Samples for Windows based Inter-Process-Communication (IPC)
  ☆158Updated 8 months ago
• zodiacon / WFPExplorer
  Windows Filtering Platform Explorer
  ☆210Updated last month
• RedTeamOperations / VEH-PoC
  ☆105Updated last year
• mrexodia / phnt-single-header
  Single header version of System Informer's phnt library.
  ☆184Updated last week
• DamonMohammadbagher / ETWProcessMon2
  ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detecti…
  ☆291Updated 7 months ago
• xalicex / Killers
  Exploitation of process killer drivers
  ☆186Updated last year