wietze/windows-dll-env-hijacking external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

wietze/windows-dll-env-hijacking

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/wietze/windows-dll-env-hijacking)

Close

wietze / windows-dll-env-hijackingView on GitHubMore

• External links
• Readme badge

Project for identifying executables and DLLs vulnerable to environment-variable based DLL hijacking.

☆63Jul 15, 2022Updated 3 years ago

Alternatives and similar repositories for windows-dll-env-hijacking

Users that are interested in windows-dll-env-hijacking are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• wietze / HijackLibs

  View on GitHub
  Project for tracking publicly disclosed DLL Hijacking opportunities.
  ☆897Mar 14, 2026Updated 2 weeks ago
• mis-team / rsockspipe

  View on GitHub
  Tool for pivoting over SMB pipes
  ☆16Jul 20, 2019Updated 6 years ago
• NVISOsecurity / CobaltWhispers

  View on GitHub
  CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…
  ☆242Jan 4, 2023Updated 3 years ago
• timwhitez / JmpUnhook

  View on GitHub
  Ntdll Unhooking POC
  ☆19Aug 12, 2022Updated 3 years ago
• Teach2Breach / openai

  View on GitHub
  Red Team Projects with chat.openai.com.
  ☆17Apr 3, 2023Updated 2 years ago
• Simple, predictable pricing with DigitalOcean hosting • Ad
  Always know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
• frkngksl / UnlinkDLL

  View on GitHub
  DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable
  ☆60Dec 15, 2023Updated 2 years ago
• MaorSabag / HollowMask

  View on GitHub
  Just another Process Injection using Process Hollowing technique.
  ☆18Sep 18, 2023Updated 2 years ago
• sevagas / weaponize_process_injection_windows_SIGSEGv2_2019

  View on GitHub
  Files related to my presentation at SigSegV2 conference in 2019. You can find related papers on my blog
  ☆13Dec 12, 2019Updated 6 years ago
• Allevon412 / ClassicAPIUnhooking

  View on GitHub
  ☆16Nov 23, 2021Updated 4 years ago
• KiExitDispatcher / Eset-Unload

  View on GitHub
  Eset-Unload is a C++ tool that interacts with a process's loaded modules to identify and unload the ebehmoni.dll module, typically found …
  ☆12Apr 21, 2025Updated 11 months ago
• N4kedTurtle / HellsGatePoC

  View on GitHub
  ☆51Sep 18, 2020Updated 5 years ago
• Kr0ff / WinMalDev

  View on GitHub
  Various methods of executing shellcode
  ☆74Mar 27, 2023Updated 3 years ago
• improsec / 2Cloudz

  View on GitHub
  ☆28Apr 1, 2022Updated 3 years ago
• icyguider / MoreImpacketExamples

  View on GitHub
  More examples using the Impacket library designed for learning purposes.
  ☆264Nov 4, 2022Updated 3 years ago
• DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• pard0p / CallstackSpoofingPOC

  View on GitHub
  C++ self-Injecting dropper based on various EDR evasion techniques.
  ☆426Feb 11, 2024Updated 2 years ago
• SolomonSklash / SeasideBishop

  View on GitHub
  A C port of b33f's UrbanBishop
  ☆38Oct 1, 2020Updated 5 years ago
• HackingThings / SuperSneakyExec

  View on GitHub
  Loading and executing shellcode in C# without PInvoke.
  ☆22Jan 10, 2022Updated 4 years ago
• SolomonSklash / TokenStealingDriver

  View on GitHub
  ☆22Jul 29, 2021Updated 4 years ago
• NUL0x4C / DeleteShadowCopies

  View on GitHub
  Deleting Shadow Copies In Pure C++
  ☆119Oct 31, 2022Updated 3 years ago
• Iansus / SilentLsassDump

  View on GitHub
  VisualStudio port of https://github.com/guervild/BOFs/tree/dev/SilentLsassDump
  ☆24Jul 6, 2023Updated 2 years ago
• ScriptIdiot / SysmonQuiet

  View on GitHub
  RDLL for Cobalt Strike beacon to silence sysmon process
  ☆91Sep 9, 2022Updated 3 years ago
• Unknow101 / FuckThatSmuggler

  View on GitHub
  Simple tool to perform HTML Smuggling.
  ☆67Aug 17, 2021Updated 4 years ago
• zha0 / DarkPulsar

  View on GitHub
  EQGRP: Replicating DarkPulsar, an DLL capable of hooking Security Package Method Tables on the Heap!
  ☆11Oct 11, 2020Updated 5 years ago
• Wordpress hosting with auto-scaling on Cloudways • Ad
  Fully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
• williamknows / BOF.NET

  View on GitHub
  A .NET Runtime for Cobalt Strike's Beacon Object Files
  ☆91Oct 13, 2024Updated last year
• trustedsec / LLVM-Obfuscation-Experiments

  View on GitHub
  ☆17May 22, 2024Updated last year
• BronzeTicket / ClipboardWindow-Inject

  View on GitHub
  CLIPBRDWNDCLASS process injection technique(BOF) - execute beacon shellcode in callback
  ☆68Sep 15, 2022Updated 3 years ago
• stealth / devpops

  View on GitHub
  Companion Worm research
  ☆16Nov 8, 2021Updated 4 years ago
• outflanknl / Zipper

  View on GitHub
  Zipper, a CobaltStrike file and folder compression utility.
  ☆222Jan 18, 2020Updated 6 years ago
• codewhitesec / SysmonEnte

  View on GitHub
  ☆78Oct 18, 2022Updated 3 years ago
• splexas / TrampHooker

  View on GitHub
  A mechanism that trampoline hooks functions in x86/x64 systems.
  ☆21Oct 9, 2024Updated last year
• h3xstream / waf-workshop

  View on GitHub
  ☆16Oct 30, 2022Updated 3 years ago
• wietze / powershell-securestring-decoder

  View on GitHub
  A simple, pure JavaScript implementation decoding PowerShell's SecureString objects for analysis.
  ☆30Mar 31, 2023Updated 2 years ago
• Virtual machines for every use case on DigitalOcean • Ad
  Get dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
• GetRektBoy724 / ReversePowernoid

  View on GitHub
  Reverse TCP Powershell has never been this paranoid. (basically an Opsec-safe reverse powershell)
  ☆30Feb 4, 2022Updated 4 years ago
• MzHmO / Parasite-Invoke

  View on GitHub
  Hide your P/Invoke signatures through other people's signed assemblies
  ☆211Mar 10, 2024Updated 2 years ago
• mwnickerson / RedTeamVillage2023-DLL-Sideloading

  View on GitHub
  DefCon Red Team Village 2023 Workshop on DLL Sideloading
  ☆19Aug 15, 2023Updated 2 years ago
• thefLink / C-To-Shellcode-Examples

  View on GitHub
  ☆209Mar 22, 2021Updated 5 years ago
• MzHmO / DebugAmsi

  View on GitHub
  DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.
  ☆102Sep 18, 2023Updated 2 years ago
• ausec-it / bof-registry

  View on GitHub
  Cobalt Strike beacon object file that allows you to query and make changes to the Windows Registry
  ☆31Feb 11, 2021Updated 5 years ago
• GhostPack / RestrictedAdmin

  View on GitHub
  Remotely enables Restricted Admin Mode
  ☆215Sep 3, 2021Updated 4 years ago