rad9800/hwbp4mw

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/rad9800/hwbp4mw)

rad9800 / hwbp4mw

☆274

Alternatives and similar repositories for hwbp4mw

Users that are interested in hwbp4mw are comparing it to the libraries listed below

Sorting:

rad9800 / misc
View on GitHub
miscellaneous scripts and programs
☆277Jan 23, 2025Updated last year
rad9800 / VehApiResolve
View on GitHub
☆118Aug 7, 2022Updated 3 years ago
rad9800 / TamperingSyscalls
View on GitHub
☆505Aug 14, 2022Updated 3 years ago
LloydLabs / ntqueueapcthreadex-ntdll-gadget-injection
View on GitHub
This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …
☆263Apr 29, 2023Updated 2 years ago
rad9800 / WTSRM
View on GitHub
WTSRM
☆216Aug 7, 2022Updated 3 years ago
rad9800 / WTSRM2
View on GitHub
☆164Dec 30, 2022Updated 3 years ago
Dec0ne / HWSyscalls
View on GitHub
HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
☆718Jul 19, 2023Updated 2 years ago
klezVirus / SilentMoonwalk
View on GitHub
PoC Implementation of a fully dynamic call stack spoofer
☆921Jul 20, 2024Updated last year
JanielDary / ImmoralFiber
View on GitHub
Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
☆283Sep 18, 2024Updated last year
deepinstinct / Dirty-Vanity
View on GitHub
A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
☆675Dec 23, 2022Updated 3 years ago
janoglezcampos / c_syscalls
View on GitHub
Single stub direct and indirect syscalling with runtime SSN resolving for windows.
☆140Sep 12, 2022Updated 3 years ago
Cracked5pider / CodeCave
View on GitHub
A bunch of scripts and code i wrote.
☆149Nov 7, 2024Updated last year
passthehashbrowns / VectoredExceptionHandling
View on GitHub
☆108Aug 21, 2024Updated last year
paranoidninja / Proxy-DLL-Loads
View on GitHub
The code is a pingback to the Dark Vortex blog:
☆186Jan 26, 2023Updated 3 years ago
GetRektBoy724 / DCMB
View on GitHub
Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!
☆251Jul 9, 2024Updated last year
Cobalt-Strike / CallStackMasker
View on GitHub
A PoC implementation for dynamically masking call stacks with timers.
☆309Feb 13, 2023Updated 3 years ago
SolomonSklash / netntlm
View on GitHub
A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP
☆37Jul 27, 2021Updated 4 years ago
paranoidninja / Process-Instrumentation-Syscall-Hook
View on GitHub
A simple program to hook the current process to identify the manual syscall executions on windows
☆265Nov 18, 2022Updated 3 years ago
WithSecureLabs / TickTock
View on GitHub
☆113Oct 10, 2022Updated 3 years ago
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆682Oct 23, 2024Updated last year
thefLink / DeepSleep
View on GitHub
A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
☆374May 24, 2022Updated 3 years ago
kleiton0x00 / Proxy-DLL-Loads
View on GitHub
A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
☆411Jan 11, 2026Updated last month
med0x2e / vba2clr
View on GitHub
Running .NET from VBA
☆148Feb 11, 2023Updated 3 years ago
OccamsXor / Dragnmove
View on GitHub
Infect Shared Files In Memory for Lateral Movement
☆193Dec 14, 2022Updated 3 years ago
lap1nou / CLR_Heap_encryption
View on GitHub
☆101Oct 7, 2023Updated 2 years ago
WithSecureLabs / CallStackSpoofer
View on GitHub
A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
☆558Apr 8, 2025Updated 11 months ago
Signal-Labs / iat_unhook_sample
View on GitHub
(First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls…
☆137Mar 3, 2025Updated last year
Cracked5pider / Stardust
View on GitHub
A modern 32/64-bit position independent implant template
☆1,303Mar 21, 2025Updated 11 months ago
janoglezcampos / DeathSleep
View on GitHub
A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…
☆535Aug 1, 2022Updated 3 years ago
Kudaes / Unwinder
View on GitHub
Call stack spoofing for Rust
☆357Feb 7, 2025Updated last year
bohops / DynamicDotNet
View on GitHub
A collection of various and sundry code snippets that leverage .NET dynamic tradecraft
☆145May 18, 2024Updated last year
waldo-irc / YouMayPasser
View on GitHub
You shall pass
☆270Jul 16, 2022Updated 3 years ago
NUL0x4C / KnownDllUnhook
View on GitHub
Replace the .txt section of the current loaded modules from \KnownDlls\
☆305Sep 28, 2022Updated 3 years ago
paranoidninja / Proxy-Function-Calls-For-ETwTI
View on GitHub
The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/
☆210Jan 29, 2023Updated 3 years ago
susMdT / LoudSunRun
View on GitHub
Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
☆263Oct 16, 2024Updated last year
reveng007 / ReflectiveNtdll
View on GitHub
A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…
☆180Feb 10, 2023Updated 3 years ago
fortra / hw-call-stack
View on GitHub
Use hardware breakpoints to spoof the call stack for both syscalls and API calls
☆203Jun 6, 2024Updated last year
Cracked5pider / Ekko
View on GitHub
Sleep Obfuscation
☆817Dec 3, 2023Updated 2 years ago
Cracked5pider / CoffeeLdr
View on GitHub
Beacon Object File Loader
☆293Dec 3, 2023Updated 2 years ago