process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread
☆31Jan 9, 2022Updated 4 years ago
Alternatives and similar repositories for process-hollowing
Users that are interested in process-hollowing are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Impersonate Windows tokens in Nim☆23Aug 4, 2025Updated 7 months ago
- Generate Proxy DLLs in Rust☆50Mar 2, 2026Updated 3 weeks ago
- various methods of making API calls☆19Feb 1, 2025Updated last year
- Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks, patchless hooking library IAT/EAT.☆134Dec 8, 2025Updated 3 months ago
- Convert Microsoft Defender Antivirus Signatures (VDM) into a SQL DB☆24Jun 27, 2025Updated 8 months ago
- Dump Lsass Memory Using a Reflective Dll☆14Feb 4, 2022Updated 4 years ago
- Shellcode loader with evasion capabilities written in Nim☆15Jan 25, 2025Updated last year
- MacOS Stealer written in Rust. For Legal and Ethical Research Purposes Only.☆25Jan 3, 2025Updated last year
- Nice try reading NTDLL from disk, nerd.☆19Apr 18, 2022Updated 3 years ago
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆91Jan 2, 2026Updated 2 months ago
- ☆55May 31, 2025Updated 9 months ago
- ClickForClickOnce - Generate configurable clickonce payloads☆92Oct 10, 2025Updated 5 months ago
- Windows C++ Implant for Exploration C2☆45Jan 26, 2026Updated last month
- Windows kernel driver that detects hypervisors by probing SIDT/LIDT edge cases, paging/TLB behaviors, privilege transitions, and timing e…☆37Mar 3, 2026Updated 2 weeks ago
- A C# Tool to gather information about email breaches☆16Dec 21, 2023Updated 2 years ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆61May 12, 2025Updated 10 months ago
- Automated script for obfuscating, rebranding and renaming the Havoc C2 Framework to evade AV/EDR and C2 hunters.☆46Aug 13, 2025Updated 7 months ago
- A C# project that builds a Web Application which redirects all HTTPS☆26Feb 11, 2025Updated last year
- An improvement and a different approach to Mockingjay Self-Injection.☆35May 21, 2024Updated last year
- Repository for the DEF CON 33 talk: Kill Chain Reloaded☆81Aug 3, 2025Updated 7 months ago
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".☆87Apr 11, 2023Updated 2 years ago
- A small How-To on creating your own weaponized WSL file☆124Jul 23, 2025Updated 8 months ago
- A collection of sample code used in some experiments with Sliver C2☆16Mar 28, 2023Updated 2 years ago
- Basic d3d11 nuklear implementation for internal game cheats.☆16Jan 21, 2021Updated 5 years ago
- Nim Shellcode Injector☆15Jan 24, 2021Updated 5 years ago
- A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally …☆92Oct 10, 2022Updated 3 years ago
- NSecSoftBYOVD POC☆58Feb 12, 2026Updated last month
- DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will auto…☆14Jul 16, 2025Updated 8 months ago
- Misery Loader to bypass modern EDR solutions☆18Dec 20, 2024Updated last year
- A high-fidelity x86_64 polymorphic mutation engine focused on instruction-level fragmentation and context preservation.☆111Jan 18, 2026Updated 2 months ago
- ShadowDropper is a utility for covertly delivering and executing payloads on a target system.☆27Jul 4, 2025Updated 8 months ago
- 7 days of Red Teaming TTPs that your favorite tools may use to acheive a post exploitation goal☆18Apr 17, 2021Updated 4 years ago
- Citrix Phishlet☆24Feb 2, 2021Updated 5 years ago
- A portable bridge between your C2 infrastructure and Discord, built for quick and lightweight operations.☆12Jun 3, 2025Updated 9 months ago
- This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCr…☆63Feb 11, 2024Updated 2 years ago
- This is the latest version of XenoRAT, updated with configurations and capable of bypassing all system securities. It will be maintained …☆23Apr 16, 2025Updated 11 months ago
- ☆164May 5, 2025Updated 10 months ago
- ☆31Aug 13, 2025Updated 7 months ago
- Static binary analysis with Detect It Easy — 100% in your browser, no uploads.☆57Feb 10, 2026Updated last month