rxOred / process-hollowingLinks
process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread
☆31Updated 3 years ago
Alternatives and similar repositories for process-hollowing
Users that are interested in process-hollowing are comparing it to the libraries listed below
Sorting:
- Callstack spoofing using a VEH because VEH all the things.☆23Updated 6 months ago
- various methods of making API calls☆19Updated 7 months ago
- A simple Linux in-memory .so loader☆32Updated 2 years ago
- havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets☆34Updated last year
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated 2 years ago
- RunPE adapted for x64 and written in C, does not use RWX☆28Updated last year
- example using NtCreateUserProcess in rust☆19Updated 8 months ago
- AIDA64DRIVER Elevation of Privilege Vulnerability☆15Updated 11 months ago
- ☆37Updated 5 months ago
- A bunch of shenanigans using functions, VEH and more☆34Updated 3 months ago
- Payload Obfuscation for Red Teams workshop materials☆54Updated 3 months ago
- Remap ntdll.dll using only NTAPI functions with a suspended process☆26Updated 5 months ago
- Generate Proxy DLLs in Rust☆44Updated 3 weeks ago
- ☆12Updated 2 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆36Updated 3 years ago
- A work in progress BOF/COFF loader in Rust☆51Updated 2 years ago
- Self Delete DLL☆23Updated last year
- A more reliable way of resolving syscall numbers in Windows☆52Updated last year
- A lexer and parser for Sleep☆20Updated 4 months ago
- Hooked create process injection for meterpreter☆23Updated 4 years ago
- An example of COM hijacking using a proxy DLL.☆40Updated 4 years ago
- a demo module for the kaine agent to execute and inject assembly modules☆41Updated last year
- early cascade injection PoC based on Outflanks blog post, in rust☆60Updated 10 months ago
- Small tool to play with IOCs caused by Imageload events☆42Updated 2 years ago
- ☆22Updated 2 years ago
- ☆29Updated 8 months ago
- use python on windows with full submodule support without installation☆31Updated 8 months ago
- idk man this was the default github name☆35Updated 2 years ago
- ☆31Updated 9 months ago
- rust clr heap encryption (https://github.com/lap1nou/CLR_Heap_encryption), but no heap encryption.☆17Updated last year