Read Memory without ReadProcessMemory for Current Process
☆92 Feb 13, 2022 Updated 4 years ago
Alternatives and similar repositories for CReadMemory
Users that are interested in CReadMemory are comparing it to the libraries listed below
- ☆82 Feb 12, 2022 Updated 4 years ago
- C code to enable ETW tracing for Dotnet Assemblies ☆32 Aug 12, 2022 Updated 3 years ago
- This project is created for research into antivirus evasion by unhooking. ☆18 Sep 2, 2021 Updated 4 years ago
- Hijack NotifyRoutine for a kernelmode thread ☆41 Jun 4, 2022 Updated 3 years ago
- LdrLoadDll Unhooking ☆135 Jan 16, 2022 Updated 4 years ago
- ☆74 Jul 23, 2021 Updated 4 years ago
- In-memory token vault BOF for Cobalt Strike ☆149 Aug 18, 2022 Updated 3 years ago
- Windows API Call Obfuscation ☆113 Dec 9, 2022 Updated 3 years ago
- ☆12 Apr 7, 2022 Updated 3 years ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature ☆101 Feb 28, 2023 Updated 3 years ago
- An attempt to make a LoadLibrary designed for offensive operations, in C# obviously. ☆55 Mar 3, 2022 Updated 4 years ago
- Overwrite a process's recovery callback and execute with WER ☆101 Apr 17, 2022 Updated 3 years ago
- A simple program to hook the current process to identify the manual syscall executions on windows ☆266 Nov 18, 2022 Updated 3 years ago
- Nice try reading NTDLL from disk, nerd. ☆19 Apr 18, 2022 Updated 3 years ago
- It stinks ☆103 Apr 22, 2022 Updated 3 years ago
- ☆61 Feb 10, 2022 Updated 4 years ago
- ErebusGate for Nim Bypass AV/EDR ☆161 Nov 7, 2022 Updated 3 years ago
- C# code to Sandbox Defender (and most probably other AV/EDRs). ☆167 Apr 22, 2022 Updated 3 years ago
- Replace the .txt section of the current loaded modules from \KnownDlls\ ☆305 Sep 28, 2022 Updated 3 years ago
- ☆208 Apr 5, 2022 Updated 3 years ago
- Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemo… ☆127 Jan 18, 2022 Updated 4 years ago
- Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose. ☆18 Jan 21, 2022 Updated 4 years ago
- Perun's Fart (Slavic God's Luck). Another method for unhooking AV and EDR, this is my C# version. ☆117 Dec 26, 2021 Updated 4 years ago
- Asynchronous RDP/VNC client for Python (GUI) ☆78 Jan 1, 2025 Updated last year
- An implementation and proof-of-concept of Process Forking. ☆230 Nov 29, 2021 Updated 4 years ago
- ☆118 Aug 7, 2022 Updated 3 years ago
- comparing data of module exports from disk and memory, then caching any differences. ☆26 Dec 11, 2021 Updated 4 years ago
- POC for frustrating/defeating Malware Analysts ☆156 Jun 12, 2022 Updated 3 years ago
- RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, … ☆500 Jan 25, 2022 Updated 4 years ago
- Hides processes from the windows task manager using IAT hooking. ☆22 Mar 30, 2021 Updated 4 years ago
- SyscallLoader ☆11 Sep 13, 2021 Updated 4 years ago
- Finding Truth in the Shadows ☆125 Jan 26, 2023 Updated 3 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC ☆374 May 24, 2022 Updated 3 years ago
- CreateRemoteThreadPlus: how to pass multiple parameters to the remote thread function without shellcode. ☆139 Jul 10, 2025 Updated 8 months ago
- Cobalt Strike Beacon Object File (BOF) that uses WinStationConnect API to perform local/remote RDP session hijacking. ☆313 Jul 8, 2022 Updated 3 years ago
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess) ☆559 Apr 8, 2025 Updated 11 months ago
- POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritti… ☆41 Sep 23, 2021 Updated 4 years ago
- ☆90 Jun 2, 2024 Updated last year
- BOF implementation of the research by @jonasLyk and the drafted PoC from @LloydLabs ☆186 Oct 3, 2021 Updated 4 years ago