whokilleddb / exe_who

Related projects ⓘ

Alternatives and complementary repositories for exe_who

• xenoscr / SysWhispers2
  AV/EDR evasion via direct system calls.
  ☆106Updated 11 months ago
• Wh04m1001 / DiagTrackEoP
  ☆89Updated 2 years ago
• klezVirus / NimlineWhispers3
  A tool for converting SysWhispers3 syscalls for use with Nim projects
  ☆138Updated 2 years ago
• HuskyHacks / RustyProcessInjectors
  Just some Rust process injector POCs, nothing weird.
  ☆80Updated 2 years ago
• 0xsp-SRD / callback_injection-Csharp
  this repo is to cover the other undocumented or published / in different langaue to achieve shellcode injection via windows callback func…
  ☆82Updated 2 years ago
• pwnsauc3 / RWXfinder
  The program uses the Windows API functions to traverse through directories and locate DLL files with RWX section
  ☆95Updated last year
• Octoberfest7 / EventViewerUAC_BOF
  Beacon Object File implementation of Event Viewer deserialization UAC bypass
  ☆128Updated 2 years ago
• deepinstinct / AMSI-Unchained
  Unchain AMSI by patching the provider’s unmonitored memory space
  ☆88Updated last year
• xforcered / Detect-Hooks
  Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR
  ☆97Updated 3 years ago
• mlcsec / ASRenum-BOF
  Cobalt Strike BOF that identifies Attack Surface Reduction (ASR) rules, actions, and exclusion locations
  ☆138Updated 8 months ago
• zblurx / impersonate-rs
  Rusty Impersonate
  ☆94Updated last year
• waawaa / AMSI_Rubeus_bypass
  ☆61Updated 2 years ago
• Crypt0s / DelegationBOF
  ☆138Updated 2 years ago
• sbasu7241 / HellsGate
  Rewrote HellsGate in C# for fun and learning
  ☆84Updated 2 years ago
• S4ntiagoP / donut
  Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…
  ☆110Updated last year
• rasta-mouse / PPEnum
  Simple BOF to read the protection level of a process
  ☆104Updated last year
• ChoiSG / OneDriveUpdaterSideloading
  Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post
  ☆86Updated 2 years ago
• nettitude / RunOF
  ☆139Updated last year
• evilashz / CheeseOunce
  Coerce Windows machines auth via MS-EVEN
  ☆153Updated 10 months ago
• naksyn / ProcessStomping
  A variation of ProcessOverwriting to execute shellcode on an executable's section
  ☆145Updated 11 months ago
• mmnoureldin / UnmanagedPowerShell
  ☆26Updated last year
• EspressoCake / DLL-Hijack-Search-Order-BOF
  DLL Hijack Search Order Enumeration BOF
  ☆141Updated 3 years ago
• zer1t0 / cerbero
  Kerberos protocol attacker
  ☆124Updated 3 years ago
• kyleavery / TitanLdr
  Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality.
  ☆134Updated 2 years ago
• Nariod / laz-y
  Automating payload generation for OSEP labs and exam.
  ☆34Updated 2 years ago