passthehashbrowns / suspendedunhookLinks
☆39Updated 4 years ago
Alternatives and similar repositories for suspendedunhook
Users that are interested in suspendedunhook are comparing it to the libraries listed below
Sorting:
- Bypass UAC elevation on Windows 8 (build 9600) & above.☆56Updated 2 years ago
- ☆14Updated 3 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 3 years ago
- A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯☆40Updated 4 years ago
- Halos Gate-based NTAPI Unhooker☆52Updated 3 years ago
- ☆62Updated 3 years ago
- ☆43Updated last year
- Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used☆93Updated 3 years ago
- Beacon Object Files (not Buffer Overflows)☆56Updated 2 years ago
- Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits☆29Updated 2 years ago
- API Hammering with C++20☆46Updated 2 years ago
- A method to execute shellcode using RegisterWaitForInputIdle API.☆54Updated 2 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated 2 years ago
- A repository filled with ideas to break/detect direct syscall techniques☆27Updated 3 years ago
- My implementation of Halo's Gate technique in C#☆54Updated 3 years ago
- ☆82Updated 9 months ago
- Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping☆56Updated 2 years ago
- Extended Process List (Search functionality)☆29Updated 4 years ago
- Windows x64 Process Injection via Ghostwriting with Dynamic Configuration☆29Updated 3 years ago
- A care package of useful bofs for red team engagments☆55Updated 6 months ago
- An example of COM hijacking using a proxy DLL.☆28Updated 3 years ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆39Updated last year
- Execute shellcode with ZwCreateSection, ZwMapViewOfSection, ZwOpenProcess, ZwMapViewOfSection and ZwCreateThreadEx☆14Updated 4 years ago
- RDLL for Cobalt Strike beacon to silence sysmon process☆88Updated 2 years ago
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆48Updated last year
- A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies☆32Updated 2 years ago
- A BOF to parse the imports of a provided PE-file, optionally extracting symbols on a per-dll basis.☆85Updated 3 years ago
- C code to enable ETW tracing for Dotnet Assemblies☆31Updated 2 years ago
- Get your data from the resource section manually, with no need for windows apis☆62Updated 7 months ago
- ☆82Updated 3 years ago