Read Memory without ReadProcessMemory for Current Process
☆92Feb 13, 2022Updated 4 years ago
Alternatives and similar repositories for CReadMemory
Users that are interested in CReadMemory are comparing it to the libraries listed below
Sorting:
- C code to enable ETW tracing for Dotnet Assemblies☆32Aug 12, 2022Updated 3 years ago
- ☆81Feb 12, 2022Updated 4 years ago
- This project is created for research into antivirus evasion by unhooking.☆18Sep 2, 2021Updated 4 years ago
- Windows API Call Obfuscation☆112Dec 9, 2022Updated 3 years ago
- ☆74Jul 23, 2021Updated 4 years ago
- LdrLoadDll Unhooking☆135Jan 16, 2022Updated 4 years ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆101Feb 28, 2023Updated 3 years ago
- ☆12Apr 7, 2022Updated 3 years ago
- Hides processes from the windows task manager using IAT hooking.☆22Mar 30, 2021Updated 4 years ago
- In-memory token vault BOF for Cobalt Strike☆149Aug 18, 2022Updated 3 years ago
- Overwrite a process's recovery callback and execute with WER☆102Apr 17, 2022Updated 3 years ago
- It stinks☆105Apr 22, 2022Updated 3 years ago
- Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.☆18Jan 21, 2022Updated 4 years ago
- ☆208Apr 5, 2022Updated 3 years ago
- Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemo…☆127Jan 18, 2022Updated 4 years ago
- Replace the .txt section of the current loaded modules from \KnownDlls\☆305Sep 28, 2022Updated 3 years ago
- Hijack NotifyRoutine for a kernelmode thread☆41Jun 4, 2022Updated 3 years ago
- An implementation and proof-of-concept of Process Forking.☆230Nov 29, 2021Updated 4 years ago
- Nice try reading NTDLL from disk, nerd.☆19Apr 18, 2022Updated 3 years ago
- ☆123Oct 9, 2023Updated 2 years ago
- A simple program to hook the current process to identify the manual syscall executions on windows☆265Nov 18, 2022Updated 3 years ago
- CreateRemoteThreadPlus: how to pass multiple parameters to the remote thread function without shellcode.☆138Jul 10, 2025Updated 7 months ago
- Perun's Fart (Slavic God's Luck). Another method for unhooking AV and EDR, this is my C# version.☆117Dec 26, 2021Updated 4 years ago
- Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process☆49Mar 15, 2023Updated 2 years ago
- ☆78Oct 18, 2022Updated 3 years ago
- RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …☆501Jan 25, 2022Updated 4 years ago
- ☆118Aug 7, 2022Updated 3 years ago
- A small PoC that creates processes in Windows☆187Jun 6, 2024Updated last year
- Playing with PE's and Building Structures by Hand☆22Apr 21, 2022Updated 3 years ago
- An attempt to make a LoadLibrary designed for offensive operations, in C# obviously.☆55Mar 3, 2022Updated 3 years ago
- C# code to Sandbox Defender (and most probably other AV/EDRs).☆167Apr 22, 2022Updated 3 years ago
- x86 PE Mutator☆233Dec 24, 2022Updated 3 years ago
- ErebusGate for Nim Bypass AV/EDR☆162Nov 7, 2022Updated 3 years ago
- Running .NET from VBA☆148Feb 11, 2023Updated 3 years ago
- POC for frustrating/defeating Malware Analysts☆156Jun 12, 2022Updated 3 years ago
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆553Apr 8, 2025Updated 10 months ago
- Infect Shared Files In Memory for Lateral Movement☆193Dec 14, 2022Updated 3 years ago
- Finding Truth in the Shadows☆123Jan 26, 2023Updated 3 years ago
- Open-source EDR kernel-component for system monitoring and DLL injection☆33Nov 14, 2020Updated 5 years ago