Next gen process injection technique
☆54Jul 9, 2020Updated 5 years ago
Alternatives and similar repositories for StackBombing
Users that are interested in StackBombing are comparing it to the libraries listed below
Sorting:
- a stage1 DLL loader with sleep obfuscation☆36Dec 27, 2022Updated 3 years ago
- Callstack spoofing using a VEH because VEH all the things.☆23Mar 18, 2025Updated last year
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects☆139Apr 6, 2025Updated 11 months ago
- GhostWriting Injection Technique.☆195Mar 26, 2018Updated 7 years ago
- Malware?☆77Oct 26, 2025Updated 4 months ago
- Reverse engineering winapi function loadlibrary.☆238Apr 17, 2023Updated 2 years ago
- In-memory hiding technique☆63Jan 5, 2025Updated last year
- PoC for DEF CON 26: Playing Malware Injection with Exploit thoughts☆25Aug 17, 2018Updated 7 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆36Apr 5, 2022Updated 3 years ago
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re…☆466Aug 23, 2023Updated 2 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆374May 24, 2022Updated 3 years ago
- Use hardware breakpoint to dynamically change SSN in run-time☆280Apr 10, 2024Updated last year
- Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process☆287Jan 21, 2024Updated 2 years ago
- Enable or Disable TokenPrivilege(s)☆15May 17, 2024Updated last year
- A collection of position independent coding resources☆107Nov 15, 2025Updated 4 months ago
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python☆45Feb 6, 2026Updated last month
- WTSRM☆216Aug 7, 2022Updated 3 years ago
- Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls☆389Oct 8, 2024Updated last year
- Shadow Rebirth - An Aggressive Outbreak Anti-Debugging Technique☆20Dec 3, 2024Updated last year
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆125Feb 13, 2023Updated 3 years ago
- Another approach of Threadless injection discovered by @_EthicalChaos_ in c that loads a module into the target process and stomps it, an…☆185Aug 2, 2023Updated 2 years ago
- kernel callback removal (Bypassing EDR Detections)☆210Nov 14, 2025Updated 4 months ago
- GeoWordlists is a tool to generate wordlists of passwords containing cities at a defined distance around the client city.☆11Nov 24, 2023Updated 2 years ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆72Feb 11, 2024Updated 2 years ago
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven☆267Oct 16, 2024Updated last year
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆412Jan 11, 2026Updated 2 months ago
- AI-based implant feature☆25Apr 28, 2025Updated 10 months ago
- A BOF that suspends non-GUI threads for a target process or resumes them resulting in stealthy process silencing.☆57Apr 14, 2025Updated 11 months ago
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆559Apr 8, 2025Updated 11 months ago
- Sleep Obfuscation☆824Dec 3, 2023Updated 2 years ago
- Library of BOFs to interact with SQL servers☆23Apr 9, 2025Updated 11 months ago
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich☆18Jun 29, 2024Updated last year
- Your Windows syscall hooking factory - feat Canterlot's Gate - All accessible over MCP☆127Mar 14, 2026Updated last week
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.☆324Jan 17, 2024Updated 2 years ago
- A more stealthy variant of "DLL hollowing"☆363Mar 8, 2024Updated 2 years ago
- Shellcode capable of bypassing EAF / IAF mitigations☆28Apr 11, 2023Updated 2 years ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread☆264Aug 31, 2025Updated 6 months ago
- A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints☆125Jul 11, 2025Updated 8 months ago
- ☆10Jul 1, 2023Updated 2 years ago