michaellandi / exportstoc
Used to create wrappers and proxy libraries for Windows binaries.
☆75Updated 13 years ago
Alternatives and similar repositories for exportstoc:
Users that are interested in exportstoc are comparing it to the libraries listed below
- ☆70Updated 2 months ago
- Use NT Native Registry API to create a registry that normal user can not query.☆90Updated 7 years ago
- Example code for EDR bypassing☆150Updated 6 years ago
- ☆91Updated 4 years ago
- signed-loaders documents Windows executables that can be used for side-loading DLLs.☆67Updated 6 years ago
- An example of how to spawn a process with a spoofed parent PID (Visual C++)☆27Updated 6 years ago
- Windows PE - TLS (Thread Local Storage) Injector in C/C++☆105Updated 4 years ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆68Updated 5 years ago
- ☆50Updated 4 years ago
- ☆199Updated 3 years ago
- An command-line RPC method enumerator, born out of RPCView's awesomeness☆104Updated 5 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆96Updated 5 years ago
- Project to check which Nt/Zw functions your local EDR is hooking☆186Updated 4 years ago
- ☆150Updated 4 years ago
- Inject shellcode to process using Windows NTAPI for bypassing EDRs and Antiviruses☆41Updated 4 years ago
- ☆164Updated 3 years ago
- APC DLL Injector with NtQueueApcThread and wake up thread support☆43Updated 7 years ago
- Process Doppelgänging☆155Updated 7 years ago
- Convert PE files to a shellcode☆75Updated 4 years ago
- https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/☆120Updated 5 years ago
- Shellcode to load an appended Dll☆88Updated 4 years ago
- Windows API Call Obfuscation☆102Updated 2 years ago
- DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userla…☆121Updated 3 years ago
- A simple COM server which provides a component to run shellcode☆134Updated 4 years ago
- PoC to demonstrate how CLR ETW events can be tampered.☆187Updated 5 years ago
- Silence EDRs by removing kernel callbacks☆231Updated 4 years ago
- Server/Client SOCKS5 (RFC 1928) in Reverse mode on Windows☆35Updated 6 years ago
- Exploring in-memory execution of .NET☆137Updated 3 years ago
- Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemo…☆121Updated 3 years ago
- Manual Map DLL injection implemented with Cobalt Strike's Beacon Object Files.☆151Updated 4 years ago