repnz / rpcmon
RPC Monitor based on the ETW Microsoft-Windows-Rpc provider
☆25 Updated 4 years ago
Related projects:
- ☆32 Updated 2 years ago
- Yet another Windows DLL injector. ☆36 Updated 2 years ago
- This PoC uses two different techniques for stealing the primary token from all running processes, showing that it is possible to impersonate a… ☆55 Updated 2 years ago
- A PoC tool for exploiting leaked process and thread handles ☆30 Updated 7 months ago
- Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDu… ☆23 Updated 4 years ago
- POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritti… ☆38 Updated 2 years ago
- Convert native dll to shellcode, and support exported function ☆22 Updated 3 years ago
- Subtract one PE file from another! ☆19 Updated 2 years ago
- A Study in Obfuscation: Analyzing the effect of various techniques to bypass AV engines ☆41 Updated last year
- Hijack Printconfig.dll to execute shellcode ☆95 Updated 3 years ago
- ☆26 Updated 2 years ago
- Executes shellcode from a remote server and aims to evade in-memory scanners ☆29 Updated 4 years ago
- ETWNetMonv3 is simple C# code for Monitoring TCP Network Connection via ETW & ETWProcessMon/2 is for Monitoring Process/Thread/Memory/Ima… ☆38 Updated last year
- ☆30 Updated this week
- Files for http://deniable.org/windows/windows-callbacks ☆24 Updated 4 years ago
- Demo to show how to write ALPC Client & Server using native Ntdll.dll syscalls. ☆20 Updated 2 years ago
- My try to implement a virtual CPU in C ☆19 Updated 10 months ago
- Non-classified source code ☆19 Updated 6 months ago
- This is a simple project made to evade https://github.com/thefLink/Hunt-Sleeping-Beacons by using a busy wait instead of beacon's built i… ☆29 Updated 2 years ago
- ☆37 Updated last year
- ☆12 Updated 2 years ago
- This is a project to receive Base64 data and decode it in process ☆14 Updated 4 years ago
- Reverse engineering mpengine.dll with reference to taviso's code ☆19 Updated 2 years ago
- ☆49 Updated 4 years ago
- ☆15 Updated this week
- Bypass UAC by abusing the Windows Defender Firewall Control Panel, environment variables, and shell protocol handlers ☆16 Updated 3 years ago
- A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR. ☆38 Updated 3 years ago
- ☆14 Updated this week
- Slides from various conference talks ☆36 Updated last year
- This is a random process injector, and more injection techniques will be added in the future. ☆11 Updated 4 years ago