mgeeky / PEInfo
Another Portable Executable files analysing stuff
☆18 · Updated 13 years ago
Related projects
Alternatives and complementary repositories for PEInfo
- A C port of b33f's UrbanBishop ☆37 · Updated 4 years ago
- Windows GPU rootkit PoC by Team Jellyfish ☆35 · Updated 9 years ago
- A simple injector that uses LoadLibraryA ☆16 · Updated 4 years ago
- Execute shellcode with ZwCreateSection, ZwMapViewOfSection, ZwOpenProcess, ZwMapViewOfSection and ZwCreateThreadEx ☆14 · Updated 3 years ago
- A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR. ☆37 · Updated 3 years ago
- Create a C++ PE which loads an XTEA-crypted .NET PE shellcode in memory. ☆15 · Updated 6 years ago
- Just another casual shellcode native loader ☆24 · Updated 2 years ago
- A tool for leveraging elevated access over a computer to boot the computer into Windows Safe Mode, alter settings, and then boot back into… ☆15 · Updated 3 years ago
- really ? ☆12 · Updated 8 months ago
- PoC code from blog ☆16 · Updated 4 years ago
- Small tool to play with IOCs caused by Imageload events ☆37 · Updated last year
- C# code to run PIC using CreateThread ☆16 · Updated 5 years ago
- Execute Shellcode And Other Goodies From MMC ☆12 · Updated 9 years ago
- ☆31 · Updated 4 years ago
- NimSkrull is an adaption from the original Skrull malware anti-copy DRM. Only for the anti-copy feature. (https://github.com/aaaddress1/S… ☆12 · Updated last year
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich ☆14 · Updated 4 months ago
- API hashing written in C to load APIs indirectly using CRC32 hashing ☆13 · Updated 4 years ago
- API Hammering with C++20 ☆34 · Updated 2 years ago
- A more advanced free and open .NET obfuscator using dnlib. ☆10 · Updated 2 years ago
- C# project to Reflectively load .Net assemblies in memory ☆17 · Updated 5 months ago
- ☆20 · Updated 3 years ago
- NT AUTHORITY\SYSTEM ☆38 · Updated 4 years ago
- A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies ☆32 · Updated 2 years ago
- A small commented POC for removing API hooks placed by AV/EDR. ☆33 · Updated 4 years ago
- Manually perform syscalls without going through any external API or DLL. ☆17 · Updated last year
- Simple tool to use LsaManageSidNameMapping get LSA to add or remove SID to name mappings. ☆23 · Updated 4 years ago
- ☆25 · Updated last month
- A simple PE loader. ☆25 · Updated last year