milkdevil / injectAllTheThings
☆72Updated 7 years ago
Alternatives and similar repositories for injectAllTheThings:
Users that are interested in injectAllTheThings are comparing it to the libraries listed below
- Files for http://blog.deniable.org/posts/windows-callbacks/☆69Updated 2 years ago
- CreateRemoteThread: how to pass multiple parameters to the remote thread function without shellcode.☆131Updated last year
- A small PoC that creates processes in Windows☆174Updated 7 months ago
- GhostWriting Injection Technique.☆166Updated 6 years ago
- Silence EDRs by removing kernel callbacks☆226Updated 4 years ago
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …☆234Updated last year
- ☆160Updated 3 years ago
- PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)☆102Updated 3 years ago
- ☆191Updated 2 years ago
- Small PoC of using a Microsoft signed executable as a lolbin.☆133Updated last year
- Example code for EDR bypassing☆149Updated 5 years ago
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆106Updated 2 years ago
- A PoC implementation for dynamically masking call stacks with timers.☆260Updated last year
- A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.☆160Updated last month
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆213Updated last year
- PoC MSVC COFF Object file loader/injector.☆169Updated 3 years ago
- WTSRM☆206Updated 2 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memory☆154Updated 3 years ago
- The code is a pingback to the Dark Vortex blog:☆169Updated last year
- Security product hook detection☆315Updated 3 years ago
- ☆79Updated 3 years ago
- PoC capable of detecting manual syscalls from usermode.☆188Updated 2 months ago
- ☆110Updated 2 years ago
- Minimal PoC developed as discuss in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html☆129Updated 2 years ago
- x64 Assembly HalosGate direct System Caller to evade EDR UserLand hooks☆199Updated last year
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆109Updated last year
- Evasive Process Hollowing Techniques☆135Updated 4 years ago
- An easily modifiable shellcode template for Windows x64 written in C☆234Updated last year
- Load a dynamic library from memory by modifying the native Windows loader☆207Updated this week