Run Processes as PPL with ELAM
☆177Mar 17, 2022Updated 4 years ago
Alternatives and similar repositories for PPLRunner
Users that are interested in PPLRunner are comparing it to the libraries listed below
Sorting:
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆301Apr 10, 2021Updated 4 years ago
- Sysmon-Like research tool for ETW☆387Nov 15, 2022Updated 3 years ago
- Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider☆198Dec 6, 2022Updated 3 years ago
- KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.☆755Mar 9, 2026Updated last week
- Silence EDRs by removing kernel callbacks☆239Dec 7, 2020Updated 5 years ago
- File system minifilter driver for Windows to block symbolic link attacks.☆51Dec 16, 2020Updated 5 years ago
- ☆208Apr 5, 2022Updated 3 years ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆36Nov 12, 2021Updated 4 years ago
- View ETW Provider manifest☆576Nov 1, 2024Updated last year
- Tool to bypass LSA Protection (aka Protected Process Light)☆989Dec 4, 2022Updated 3 years ago
- ☆155Jul 31, 2022Updated 3 years ago
- Enumerate and disable common sources of telemetry used by AV/EDR.☆843Mar 11, 2021Updated 5 years ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers☆587Jan 24, 2023Updated 3 years ago
- handle elevation using bedaisy.☆12Aug 17, 2020Updated 5 years ago
- Security product hook detection☆327Mar 30, 2021Updated 4 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆374May 24, 2022Updated 3 years ago
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL☆146Feb 23, 2019Updated 7 years ago
- Dump the memory of a PPL with a userland exploit☆888Jul 24, 2022Updated 3 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆202Jan 13, 2022Updated 4 years ago
- OffensivePH - use old Process Hacker driver to bypass several user-mode access controls☆334Oct 9, 2021Updated 4 years ago
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆232Jul 26, 2020Updated 5 years ago
- ☆263May 9, 2024Updated last year
- A PoC designed to bypass all usermode hooks in a WoW64 environment.☆150Sep 16, 2020Updated 5 years ago
- A way to delete a locked file, or current running executable, on disk.☆618Nov 5, 2025Updated 4 months ago
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆559Apr 8, 2025Updated 11 months ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆241Nov 6, 2019Updated 6 years ago
- A tool to kill antimalware protected processes☆1,506Jun 19, 2021Updated 4 years ago
- A little tool to play with the Seclogon service☆326Jul 10, 2022Updated 3 years ago
- x64 syscall caller in C++.☆93Jun 23, 2018Updated 7 years ago
- simply manual map any system image☆18Feb 1, 2021Updated 5 years ago
- Dump the memory of any PPL with a Userland exploit chain☆352Mar 17, 2023Updated 3 years ago
- Open-source EDR kernel-component for system monitoring and DLL injection☆33Nov 14, 2020Updated 5 years ago
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging☆581Mar 8, 2024Updated 2 years ago
- ☆118Aug 7, 2022Updated 3 years ago
- Kernel shellcode injector☆148Mar 23, 2021Updated 4 years ago
- ☆1,793Aug 30, 2024Updated last year
- c++ implementation of windows heavens gate☆71Feb 12, 2021Updated 5 years ago
- ☆85Jan 12, 2022Updated 4 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆73Aug 11, 2023Updated 2 years ago