michaellandi / exportstoc

Related projects: ⓘ

• Signal-Labs / NtdllUnpatcher
  Example code for EDR bypassing
  ☆149Updated 5 years ago
• elastic / PPLGuard
  ☆68Updated 11 months ago
• mdsecactivebreach / com_inject
  ☆179Updated 2 years ago
• aaaddress1 / sakeInject
  Windows PE - TLS (Thread Local Storage) Injector in C/C++
  ☆102Updated 3 years ago
• EgeBalci / Hook_API
  Assembly block for hooking windows API functions.
  ☆81Updated 5 years ago
• marpie / signed-loaders
  signed-loaders documents Windows executables that can be used for side-loading DLLs.
  ☆67Updated 5 years ago
• d35ha / PE2Shellcode
  Convert PE files to a shellcode
  ☆73Updated 4 years ago
• mdsecactivebreach / ParallelSyscalls
  ☆161Updated 2 years ago
• xpn / RpcEnum
  An command-line RPC method enumerator, born out of RPCView's awesomeness
  ☆97Updated 5 years ago
• hoangprod / DanSpecial
  Weaponizing Gigabyte driver for priv escalation and bypass PPL
  ☆68Updated 5 years ago
• mdsecactivebreach / firewalker
  ☆146Updated 4 years ago
• w1u0u1 / minidump
  Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemo…
  ☆115Updated 2 years ago
• MahmoudZohdy / APICallProxy
  Windows API Call Obfuscation
  ☆86Updated last year
• earthquake / Socks5Server
  Windows C/C++ Socks5 Server
  ☆77Updated last year
• 3gstudent / HiddenNtRegistry
  Use NT Native Registry API to create a registry that normal user can not query.
  ☆54Updated 6 years ago
• 3gstudent / Use-COM-objects-to-bypass-UAC
  ☆88Updated 3 years ago
• UserExistsError / DllLoaderShellcode
  Shellcode to load an appended Dll
  ☆89Updated 3 years ago
• asaurusrex / Probatorum-EDR-Userland-Hook-Checker
  Project to check which Nt/Zw functions your local EDR is hooking
  ☆179Updated 3 years ago
• outflanknl / TamperETW
  PoC to demonstrate how CLR ETW events can be tampered.
  ☆184Updated 4 years ago
• NtRaiseHardError / AntiHook
  PoC designed to evade userland-hooking anti-virus.
  ☆85Updated 5 years ago
• leoloobeek / COMRunner
  A simple COM server which provides a component to run shellcode
  ☆131Updated 4 years ago
• N4kedTurtle / HellsGatePoC
  ☆48Updated 4 years ago
• Yaxser / COFFLoader2
  Load and execute COFF files and Cobalt Strike BOFs in-memory
  ☆189Updated 2 years ago
• elddy / Windows-NTAPI-Injector
  Inject shellcode to process using Windows NTAPI for bypassing EDRs and Antiviruses
  ☆40Updated 3 years ago
• uvbs / NT-APC-Injector
  APC DLL Injector with NtQueueApcThread and wake up thread support
  ☆44Updated 6 years ago
• scythe-io / memory-module-loader
  ☆110Updated this week
• jackullrich / TRunPE
  A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…
  ☆91Updated 4 years ago
• realoriginal / ppdump-public
  ☆131Updated this week
• aaaddress1 / wowGrail
  PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)
  ☆100Updated 3 years ago
• 3gstudent / Inject-dll-by-Process-Doppelganging
  Process Doppelgänging
  ☆152Updated 6 years ago