process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread
☆31Jan 9, 2022Updated 4 years ago
Alternatives and similar repositories for process-hollowing
Users that are interested in process-hollowing are comparing it to the libraries listed below
Sorting:
- Impersonate Windows tokens in Nim☆23Aug 4, 2025Updated 6 months ago
- Generate Proxy DLLs in Rust☆48Updated this week
- Nice try reading NTDLL from disk, nerd.☆19Apr 18, 2022Updated 3 years ago
- Convert Microsoft Defender Antivirus Signatures (VDM) into a SQL DB☆24Jun 27, 2025Updated 8 months ago
- Dump Lsass Memory Using a Reflective Dll☆14Feb 4, 2022Updated 4 years ago
- various methods of making API calls☆19Feb 1, 2025Updated last year
- ClickForClickOnce - Generate configurable clickonce payloads☆90Oct 10, 2025Updated 4 months ago
- Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks, patchless hooking library IAT/EAT.☆131Dec 8, 2025Updated 2 months ago
- MacOS Stealer written in Rust. For Legal and Ethical Research Purposes Only.☆26Jan 3, 2025Updated last year
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆89Jan 2, 2026Updated 2 months ago
- A C# project that builds a Web Application which redirects all HTTPS☆26Feb 11, 2025Updated last year
- Repository for the DEF CON 33 talk: Kill Chain Reloaded☆79Aug 3, 2025Updated 7 months ago
- ☆55May 31, 2025Updated 9 months ago
- Helper script for BloodHound to automatically add relationships between multiple accounts owned by the same individual☆14Jul 13, 2022Updated 3 years ago
- Shellcode loader with evasion capabilities written in Nim☆15Jan 25, 2025Updated last year
- AI-Powered Reverse Engineering Plugin for IDA Pro☆45Updated this week
- A small How-To on creating your own weaponized WSL file☆121Jul 23, 2025Updated 7 months ago
- Automated script for obfuscating, rebranding and renaming the Havoc C2 Framework to evade AV/EDR and C2 hunters.☆46Aug 13, 2025Updated 6 months ago
- Citrix Phishlet☆24Feb 2, 2021Updated 5 years ago
- Windows C++ Implant for Exploration C2☆44Jan 26, 2026Updated last month
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆61May 12, 2025Updated 9 months ago
- User-Defined C2 BOF Template☆28Nov 24, 2025Updated 3 months ago
- A portable bridge between your C2 infrastructure and Discord, built for quick and lightweight operations.☆12Jun 3, 2025Updated 9 months ago
- ShadowDropper is a utility for covertly delivering and executing payloads on a target system.☆27Jul 4, 2025Updated 8 months ago
- DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will auto…☆13Jul 16, 2025Updated 7 months ago
- A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally …☆91Oct 10, 2022Updated 3 years ago
- ☆48Jun 6, 2025Updated 8 months ago
- An improvement and a different approach to Mockingjay Self-Injection.☆35May 21, 2024Updated last year
- NSecSoftBYOVD POC☆57Feb 12, 2026Updated 2 weeks ago
- ☆31Aug 23, 2020Updated 5 years ago
- ☆58Feb 16, 2025Updated last year
- Red Team Collaboration Infrastructure☆98Apr 24, 2025Updated 10 months ago
- ☆41Feb 20, 2025Updated last year
- Enable or Disable TokenPrivilege(s)☆15May 17, 2024Updated last year
- single-threaded event driven sleep obfuscation poc for linux☆38Jun 14, 2025Updated 8 months ago
- It's what all the kids are talking about☆12Apr 25, 2023Updated 2 years ago
- Misery Loader to bypass modern EDR solutions☆18Dec 20, 2024Updated last year
- Find Inbound Email Domains☆35Dec 21, 2023Updated 2 years ago
- A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation☆38Dec 7, 2025Updated 2 months ago