PoC for hiding PE exports
☆67 Dec 19, 2020 Updated 5 years ago
Alternatives and similar repositories for pexphide
Users that are interested in pexphide are comparing it to the libraries listed below
- PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021) ☆167 May 27, 2021 Updated 4 years ago
- ☆24 Sep 26, 2021 Updated 4 years ago
- ☆84 Aug 26, 2024 Updated last year
- UnhookMe is a universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red … ☆349 Jul 3, 2022 Updated 3 years ago
- Disable PPL via custom driver and dump lsass ☆15 Mar 13, 2021 Updated 4 years ago
- ☆140 Nov 24, 2025 Updated 3 months ago
- A simple PoC to demonstrate that it is possible to write non-writable memory and execute non-executable memory on Windows ☆52 Jun 14, 2021 Updated 4 years ago
- A proof-of-concept tool that attempts to retrieve the configuration from the memory dump of an F-Secure C3 Relay executable. ☆17 Jul 2, 2021 Updated 4 years ago
- A novel technique to communicate between threads using the standard ETHREAD structure ☆116 Feb 27, 2021 Updated 5 years ago
- Antivirus Emulator Fingerprints ☆30 Oct 12, 2018 Updated 7 years ago
- RunPE using Hell's Gate technique. ☆32 Dec 4, 2020 Updated 5 years ago
- ☆73 Oct 24, 2021 Updated 4 years ago
- Companion PoC for the "Adventures in Dynamic Evasion" blog post ☆129 May 25, 2021 Updated 4 years ago
- Windows PE - TLS (Thread Local Storage) Injector in C/C++ ☆109 Jan 3, 2021 Updated 5 years ago
- Phantom DLL hollowing PoC ☆370 May 23, 2022 Updated 3 years ago
- Userland API Unhooker Project ☆111 Jun 14, 2021 Updated 4 years ago
- Call 32bit NtDLL API directly from WoW64 Layer ☆62 Nov 18, 2020 Updated 5 years ago
- A more stealthy variant of "DLL hollowing" ☆363 Mar 8, 2024 Updated last year
- Project to check which Nt/Zw functions your local EDR is hooking ☆200 Mar 21, 2021 Updated 4 years ago
- Hijack Printconfig.dll to execute shellcode ☆100 Jan 15, 2021 Updated 5 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original… ☆97 Sep 26, 2019 Updated 6 years ago
- A simple COM server which provides a component to run shellcode ☆149 May 12, 2020 Updated 5 years ago
- Evasive Process Hollowing Techniques ☆142 Aug 16, 2020 Updated 5 years ago
- PoC MSVC COFF Object file loader/injector. ☆185 Mar 19, 2021 Updated 4 years ago
- Collection of beacon object files for use with Cobalt Strike to facilitate 🐚. ☆185 Feb 11, 2021 Updated 5 years ago
- A way to delete a locked file, or current running executable, on disk. ☆616 Nov 5, 2025 Updated 3 months ago
- An example of how x64 kernel shellcode can dynamically find and use APIs ☆104 May 14, 2020 Updated 5 years ago
- EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and e… ☆291 Mar 8, 2023 Updated 2 years ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi… ☆684 Mar 11, 2024 Updated last year
- A collection of scripts used to support an OffSecOps pipeline. ☆15 Jan 31, 2021 Updated 5 years ago
- Runpe + DInvoke + Syscall ☆16 Jun 18, 2021 Updated 4 years ago
- ☆37 May 9, 2019 Updated 6 years ago
- Set of antianalysis techniques found in malware ☆133 Aug 25, 2023 Updated 2 years ago
- ☆23 May 28, 2021 Updated 4 years ago
- PoC to demonstrate how CLR ETW events can be tampered. ☆192 Mar 26, 2020 Updated 5 years ago
- ☆53 Nov 11, 2021 Updated 4 years ago
- ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports pay… ☆229 Mar 22, 2023 Updated 2 years ago
- Implementation of b4rtiks's SharpMiniDump using NTFS transactions to avoid writing the minidump to disk and exfiltrating it via HTTPS us… ☆71 Nov 14, 2020 Updated 5 years ago
- API monitoring via return-hijacking thunks; works without information about target function prototypes. ☆117 May 26, 2020 Updated 5 years ago