scythe-io / in-memory-cpython
☆96Updated this week
Related projects: ⓘ
- A simple COM server which provides a component to run shellcode☆131Updated 4 years ago
- Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process☆97Updated last year
- ☆63Updated this week
- Injects shellcode into remote processes using direct syscalls☆74Updated 3 years ago
- Inter-Process Communication Mechanisms☆24Updated 4 years ago
- DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userla…☆119Updated 2 years ago
- Resolve syscall numbers at runtime for all Windows versions.☆59Updated 3 years ago
- Proxy system calls over an RPC channel☆96Updated 2 years ago
- Shellcode injector using direct syscalls☆116Updated 4 years ago
- C++ function that will automagically unhook a specified Windows API☆59Updated 3 years ago
- ☆110Updated this week
- PE File Blessing - To continue or not to continue☆86Updated 4 years ago
- ☆125Updated this week
- Crystal Anti-Exploit Protection 2012☆35Updated 4 years ago
- ☆68Updated 11 months ago
- Create a Run registry key with direct system calls. Inspired by @Cneelis's Dumpert and SharpHide.☆74Updated 4 years ago
- Binary to shellcode from an object/executable format 32 & 64-bit PE , ELF☆71Updated 3 years ago
- Source code for HppDLL - local password dumping using MsvpPasswordValidate hooks☆1Updated 3 years ago
- Some simple process injection techniques targeting the Windows platform☆30Updated 4 years ago
- A simple PoC to demonstrate that is possible to write Non writable memory and execute Non executable memory on Windows☆52Updated 3 years ago
- CSharp Writeups for HackSys Extreme Vulnerable Driver☆43Updated 2 years ago
- Hijack Printconfig.dll to execute shellcode☆95Updated 3 years ago
- A collection of shellcode hashes☆17Updated 6 years ago
- C++ implant that interfaces with a SK8PARK server☆47Updated 3 years ago
- ☆146Updated 4 years ago
- ☆131Updated this week
- ☆49Updated 4 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆91Updated 4 years ago
- A small commented POC for removing API hooks placed by AV/EDR.☆33Updated 4 years ago
- Example code for EDR bypassing☆149Updated 5 years ago