rxOred / process-hollowingLinks
process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread
☆28Updated 3 years ago
Alternatives and similar repositories for process-hollowing
Users that are interested in process-hollowing are comparing it to the libraries listed below
Sorting:
- ☆35Updated 4 months ago
- various methods of making API calls☆19Updated 7 months ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated 2 years ago
- Hooked create process injection for meterpreter☆23Updated 4 years ago
- RunPE adapted for x64 and written in C, does not use RWX☆27Updated last year
- A work in progress BOF/COFF loader in Rust☆51Updated 2 years ago
- A bunch of shenanigans using functions, VEH and more☆34Updated 2 months ago
- A simple Linux in-memory .so loader☆30Updated 2 years ago
- An In-memory Embedding of CPython☆30Updated 4 years ago
- ☆28Updated 7 months ago
- Remap ntdll.dll using only NTAPI functions with a suspended process☆25Updated 4 months ago
- A C# implementation that disables Windows Firewall bypassing UAC☆15Updated 10 months ago
- idk man this was the default github name☆35Updated 2 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 3 years ago
- Callstack spoofing using a VEH because VEH all the things.☆23Updated 5 months ago
- This project is an EDRSandblast fork, adding some features and custom pieces of code.☆23Updated last year
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆30Updated 7 months ago
- early cascade injection PoC based on Outflanks blog post, in rust☆60Updated 9 months ago
- a demo module for the kaine agent to execute and inject assembly modules☆40Updated last year
- AIDA64DRIVER Elevation of Privilege Vulnerability☆15Updated 10 months ago
- Small tool to play with IOCs caused by Imageload events☆42Updated 2 years ago
- ☆55Updated 2 years ago
- Self Delete DLL☆23Updated last year
- Dynamically resolve API function addresses at runtime in a secure manner.☆68Updated 4 months ago
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆38Updated 2 years ago
- Cobalt Strike Beacon Object File to enable the webdav client service on x64 windows hosts☆22Updated last year
- Alternative Read and Write primitives using Rtl* functions the unintended way.☆65Updated last week
- Example of using Sleep to create better named pipes.☆41Updated 2 years ago
- ☆43Updated last year
- miscellaneous codes☆35Updated last year