thefLink / Hunt-Weird-ImageLoads
Small tool to play with IOCs caused by Imageload events
☆42Updated last year
Alternatives and similar repositories for Hunt-Weird-ImageLoads:
Users that are interested in Hunt-Weird-ImageLoads are comparing it to the libraries listed below
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆38Updated last year
- Dynamically resolve API function addresses at runtime in a secure manner.☆46Updated 3 months ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆39Updated 6 months ago
- Bunch of BOF files☆26Updated last month
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated last year
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich☆14Updated 6 months ago
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 2 years ago
- A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies☆32Updated 2 years ago
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆39Updated last year
- ☆47Updated last year
- A work in progress BOF/COFF loader in Rust☆46Updated last year
- ☆29Updated last month
- ☆28Updated 4 months ago
- ☆42Updated last year
- ☆28Updated 7 months ago
- ☆71Updated 2 years ago
- ☆42Updated last year
- Windows x64 Process Injection via Ghostwriting with Dynamic Configuration☆28Updated 3 years ago
- Sleep Obfuscation☆42Updated 2 years ago
- BOF for C2 framework☆40Updated 2 months ago
- ☆35Updated last year
- ☆45Updated last year
- Hooked create process injection for meterpreter☆23Updated 3 years ago
- API Hammering with C++20☆42Updated 2 years ago
- An example of COM hijacking using a proxy DLL.☆25Updated 3 years ago
- A care package of useful bofs for red team engagments☆53Updated last month
- idk man this was the default github name☆35Updated last year