A Proof-of-Concept implementation of Reflective DLL Injection (RDI) specifically for Windows on ARM64. Demonstrates PEB access via the x18 register and manual DLL mapping.
☆34 May 30, 2025 Updated 9 months ago
Alternatives and similar repositories for ARM64-ReflectiveDLLInjection
Users that are interested in ARM64-ReflectiveDLLInjection are comparing it to the libraries listed below
- Ghosting-AMSI ☆18 Apr 30, 2025 Updated 10 months ago
- ☆17 Jun 16, 2025 Updated 8 months ago
- Extracted lua script from Defender mpavbase.vdm and mpasbase.vdm ☆16 Jul 5, 2024 Updated last year
- PIC shellcode (C/C++) development toolkit designed for malware developers. ☆121 Dec 23, 2025 Updated 2 months ago
- A fully compatible replacement of Windows NT NtCreateLowBoxToken syscall - precisely restored from reverse engineering ☆43 Jun 10, 2025 Updated 8 months ago
- Alternative Read and Write primitives using Rtl* functions the unintended way. ☆79 Aug 25, 2025 Updated 6 months ago
- ☆22 Jan 15, 2025 Updated last year
- shell code example ☆68 Dec 12, 2025 Updated 2 months ago
- demo unhooking functions in ntdll ☆28 Jul 15, 2025 Updated 7 months ago
- Arsenal of modules to beacon postex ☆94 Feb 18, 2026 Updated last week
- Stage 0 ☆169 Dec 18, 2024 Updated last year
- YongYou U8C deserialization file upload exploit tool targeting IPFxxFileService and IFileTrans services ☆28 Sep 28, 2025 Updated 5 months ago
- Python based tool for generating Shellcode from PIC C ☆43 Nov 6, 2025 Updated 3 months ago
- Slides for COM Hijacking AV/EDR Talk on 38c3 ☆75 Jan 3, 2025 Updated last year
- ☆42 Feb 18, 2025 Updated last year
- Impersonate Tokens using only NTAPI functions ☆84 Apr 4, 2025 Updated 10 months ago
- Folder Or File Delete to Get System Shell on Current Session Desktop ☆47 Jan 14, 2025 Updated last year
- Vectored Exception Handling Squared ☆29 Dec 27, 2025 Updated 2 months ago
- Local SYSTEM auth trigger for relaying ☆169 Jul 22, 2025 Updated 7 months ago
- Introducing a powerful solution that converts any non-XP-compatible 32-bit exe or dll into a Windows XP-friendly binary. Our patch files … ☆29 Apr 3, 2024 Updated last year
- BasicLDR: A Reflective DLL Loader ☆14 Jun 11, 2024 Updated last year
- Simple tool to dump/hide services in services.exe process. ☆14 Apr 22, 2022 Updated 3 years ago
- ☆55 May 31, 2025 Updated 9 months ago
- Title is self-explaining, well, there are a few methods we can do to read a locked file and play with it... ☆96 Jan 5, 2026 Updated last month
- Library that eases the use of indirect syscalls. Quite interesting AV/EDR bypass as PoC. ☆166 Jul 30, 2025 Updated 7 months ago
- Development notes on a PoC for fileless-payload arbitrary code execution in TypeFilterLevel.Low mode, based on an upgraded version of James Forshaw's .NET Remoting deserialization tool ☆48 Jan 23, 2025 Updated last year
- ☆53 Mar 26, 2025 Updated 11 months ago
- Callstack spoofing using a VEH because VEH all the things. ☆23 Mar 18, 2025 Updated 11 months ago
- ☆26 Nov 8, 2024 Updated last year
- Demonstrates consuming from a SecurityTrace ETW session by consuming from the Threat-Intelligence ETW provider without a driver or PPL pr… ☆64 Jan 19, 2026 Updated last month
- Command-line tool for discovering SaaS platforms a company uses via DNS enumeration ☆37 Jul 23, 2025 Updated 7 months ago
- Performs blind (no-echo) detection against the finereportv10 deserialization endpoint /webroot/decision/remote/design/channel and provides Godzilla memshell injection (fails in some environments that lack dependencies) ☆24 Oct 17, 2023 Updated 2 years ago
- Open Source Implementation of Cobalt Strike's Malleable C2 ☆94 Jan 27, 2026 Updated last month
- ☆53 Sep 23, 2025 Updated 5 months ago
- Beacon Object File (BOF) implementation of CVE-2024-35250. ☆24 Nov 28, 2024 Updated last year
- Lateral movement with DCOM DLL hijacking ☆177 Jul 4, 2025 Updated 7 months ago
- Tool to bypass LSA Protection (aka Protected Process Light) ☆64 Jan 2, 2025 Updated last year
- Retrieve Chrome browser records ☆43 Sep 6, 2025 Updated 5 months ago
- ☆21 Feb 22, 2025 Updated last year