PoC for hiding PE exports
☆67Dec 19, 2020Updated 5 years ago
Alternatives and similar repositories for pexphide
Users that are interested in pexphide are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Disable PPL via custom driver and dump lsass☆15Mar 13, 2021Updated 5 years ago
- PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)☆167May 27, 2021Updated 4 years ago
- ☆84Aug 26, 2024Updated last year
- UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red …☆350Jul 3, 2022Updated 3 years ago
- ☆17Nov 27, 2020Updated 5 years ago
- ☆24Sep 26, 2021Updated 4 years ago
- A simple PoC to demonstrate that is possible to write Non writable memory and execute Non executable memory on Windows☆52Jun 14, 2021Updated 4 years ago
- Phantom DLL hollowing PoC☆372May 23, 2022Updated 3 years ago
- RunPE using Hell's Gate technique.☆32Dec 4, 2020Updated 5 years ago
- Antivirus Emulator Fingerprints☆30Oct 12, 2018Updated 7 years ago
- A simple COM server which provides a component to run shellcode☆148May 12, 2020Updated 5 years ago
- Windows PE - TLS (Thread Local Storage) Injector in C/C++☆109Jan 3, 2021Updated 5 years ago
- A novel technique to communicate between threads using the standard ETHREAD structure☆116Feb 27, 2021Updated 5 years ago
- A proof-of-concept tool that attempts to retrieve the configuration from the memory dump of an F-Secure C3 Relay executable.☆17Jul 2, 2021Updated 4 years ago
- ☆73Oct 24, 2021Updated 4 years ago
- A more stealthy variant of "DLL hollowing"☆363Mar 8, 2024Updated 2 years ago
- Companion PoC for the "Adventures in Dynamic Evasion" blog post☆129May 25, 2021Updated 4 years ago
- ☆37May 9, 2019Updated 6 years ago
- A collection of scripts used to support an OffSecOps pipeline.☆15Jan 31, 2021Updated 5 years ago
- ☆23May 28, 2021Updated 4 years ago
- Call 32bit NtDLL API directly from WoW64 Layer☆62Nov 18, 2020Updated 5 years ago
- Hijack Printconfig.dll to execute shellcode☆101Jan 15, 2021Updated 5 years ago
- Software Distribution Service☆12Jul 2, 2015Updated 10 years ago
- Simple header only library to change return address on current stack frame.☆22Sep 4, 2016Updated 9 years ago
- Userland API Unhooker Project☆111Jun 14, 2021Updated 4 years ago
- A way to delete a locked file, or current running executable, on disk.☆618Nov 5, 2025Updated 4 months ago
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆218Feb 20, 2023Updated 3 years ago
- Project to check which Nt/Zw functions your local EDR is hooking☆200Mar 21, 2021Updated 5 years ago
- Code Injection, Inject malicious payload via pagetables pml4.☆242Jul 7, 2021Updated 4 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs☆105May 14, 2020Updated 5 years ago
- PoC MSVC COFF Object file loader/injector.☆184Mar 19, 2021Updated 5 years ago
- ☆140Nov 24, 2025Updated 3 months ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…☆686Mar 11, 2024Updated 2 years ago
- inject shellcode into remote process via message hook☆15Oct 28, 2020Updated 5 years ago
- Evasive Process Hollowing Techniques☆142Aug 16, 2020Updated 5 years ago
- ☆24Jun 29, 2020Updated 5 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆97Sep 26, 2019Updated 6 years ago
- PoC to demonstrate how CLR ETW events can be tampered.☆192Mar 26, 2020Updated 5 years ago
- Collection of beacon object files for use with Cobalt Strike to facilitate 🐚.☆186Feb 11, 2021Updated 5 years ago