uvbs / NT-APC-Injector
APC DLL Injector with NtQueueApcThread and wake up thread support
☆44Updated 6 years ago
Related projects: ⓘ
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆68Updated 5 years ago
- POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritti…☆38Updated 2 years ago
- ☆68Updated 11 months ago
- ☆48Updated 4 years ago
- Enabled / Disable LSA Protection via BYOVD☆61Updated 2 years ago
- ☆31Updated 4 years ago
- ☆15Updated 3 years ago
- Inject unsigned DLL into Protected Process Light (PPL)☆12Updated last year
- A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯☆39Updated 3 years ago
- Next gen process injection technique☆41Updated 4 years ago
- ☆14Updated this week
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆91Updated 4 years ago
- Windows API Call Obfuscation☆86Updated last year
- A compact tool for detecting AV/EDR hooks in default Windows libraries.☆29Updated 2 years ago
- Inject shellcode to process using Windows NTAPI for bypassing EDRs and Antiviruses☆40Updated 3 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆79Updated last year
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆49Updated last year
- ☆96Updated 2 years ago
- Clone running process with ZwCreateProcess☆58Updated 3 years ago
- A PoC tool for exploiting leaked process and thread handles☆30Updated 7 months ago
- Windows process injection methods☆14Updated 5 years ago
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process☆86Updated 2 years ago
- Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping☆45Updated last year
- Exploiting ring0 memcpy-like functionality to disable Driver Signing Enforcement (DSE)☆18Updated 4 years ago
- A ready-made template for a project based on libpeconv.☆40Updated last year
- A simple COM server which provides a component to run shellcode☆131Updated 4 years ago
- Windows PE - TLS (Thread Local Storage) Injector in C/C++☆102Updated 3 years ago
- Sysmon shenanigans☆65Updated 3 years ago
- SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections a…☆57Updated 2 years ago
- Windows API Hashes used in the malwares☆38Updated 9 years ago