winterknife / PINKPANTHERLinks
Windows x64 handcrafted token stealing kernel-mode shellcode
☆510Updated last year
Alternatives and similar repositories for PINKPANTHER
Users that are interested in PINKPANTHER are comparing it to the libraries listed below
Sorting:
- Venom is a library that meant to perform evasive communication using stolen browser socket☆395Updated 2 years ago
- PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.☆615Updated 2 years ago
- UAC bypass by abusing RPC and debug objects.☆628Updated 2 years ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆536Updated 3 years ago
- Shellcode injection technique. Given as C++ header, standalone Rust program or library.☆706Updated 2 years ago
- ☆496Updated 3 years ago
- This repository includes code and IoCs that are the product of research done in Akamai's various security research teams.☆522Updated 6 months ago
- PoCs and tools for investigation of Windows process execution techniques☆945Updated last month
- Various ways to execute shellcode☆508Updated last year
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging☆579Updated last year
- ☆607Updated last month
- Leaked Windows processes handles identification tool☆290Updated 3 years ago
- some gadgets about windows process and ready to use :)☆611Updated 2 years ago
- Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique☆339Updated 3 years ago
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…☆668Updated 3 years ago
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs☆792Updated last year
- Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll☆491Updated 3 years ago
- ☆603Updated 5 months ago
- Small and convenient C2 tool for Windows targets. [ Русский -- значит нахуй! ]☆612Updated 3 years ago
- Sleep Obfuscation☆808Updated 2 years ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆306Updated 2 years ago
- Multi-Packer wrapper letting us daisy-chain various packers, obfuscators and other Red Team oriented weaponry. Featured with artifacts wa…☆1,021Updated 2 months ago
- KaynLdr is a Reflective Loader written in C/ASM☆556Updated 2 years ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆711Updated 2 years ago
- Threadless Process Injection using remote function hooking.☆800Updated last year
- ☆418Updated 8 months ago
- DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.☆323Updated 3 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆372Updated 3 years ago
- Create fake certs for binaries using windows binaries and the power of bat files☆570Updated last year
- Tools and PoCs for Windows syscall investigation.☆367Updated 3 weeks ago