reversinghub / hide-and-seek
PoC for hiding processes from Windows Task Manager by manipulating the graphic interface
☆44 Updated 5 years ago
Alternatives and similar repositories for hide-and-seek
Users that are interested in hide-and-seek are comparing it to the libraries listed below
- Simple PE Packer Which Encrypts .text Section ☆51 Updated 8 years ago
- Process Hollowing demonstration & explanation ☆35 Updated 4 years ago
- Bypass UAC at any level by abusing the Task Scheduler and environment variables ☆31 Updated 3 years ago
- A Bumblebee-inspired Crypter ☆80 Updated 2 years ago
- kernel to user mode APC injector ☆44 Updated 3 years ago
- Bypass UAC by abusing the Security Center CPL and hijacking a shell protocol handler ☆29 Updated 3 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption ☆85 Updated 2 years ago
- ☆111 Updated 2 years ago
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell. ☆71 Updated 4 years ago
- Bypass UAC by abusing shell protocol handlers ☆14 Updated 3 years ago
- Read Memory without ReadProcessMemory for Current Process ☆76 Updated 3 years ago
- Tiny driver patch to allow kernel callbacks to work on Win10 21h1 ☆34 Updated 3 years ago
- Process Hollowing POC in CPP ☆15 Updated 4 years ago
- Header only library for obfuscation import winapi functions. ☆40 Updated 3 months ago
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks. ☆111 Updated 3 years ago
- Recreating and reviewing the Windows persistence methods ☆38 Updated 3 years ago
- Clone running process with ZwCreateProcess ☆57 Updated 4 years ago
- NT AUTHORITY\SYSTEM ☆39 Updated 4 years ago
- ☆59 Updated 2 years ago
- Research into removing strings & API call references at compile-time (Anti-Analysis) ☆27 Updated last year
- arbitrary kernel read/write in dbutil_2_3.sys, Proof of Concept Local Privilege Escalation to nt authority/system ☆57 Updated 3 years ago
- 2022 Updated Kernelmode-Code ☆31 Updated last year
- Small PoC of using a Microsoft signed executable as a lolbin. ☆137 Updated 2 years ago
- stack based buffer overflow in MsIo64.sys, Proof of Concept Local Privilege Escalation to nt authority/system ☆11 Updated 3 years ago
- Overwrite MBR and add own custom message ☆17 Updated 5 years ago
- Parser for a custom executable format from Hidden Bee malware (first stage) ☆43 Updated 8 months ago
- Reduce Dynamic Analysis Detection Rates With Built-In Unhooker, Anti Analysis Techniques, And String Obfuscator Modules. ☆19 Updated 2 years ago
- Process Injection without R/W target memory and without creating a remote thread ☆18 Updated 3 years ago
- ☆13 Updated 4 years ago
- With this RunPE you can easily inject your payload in any x86 or x64 program. ☆14 Updated 6 years ago