xalicex / Unhook-Import-Address-Table
Piece of code to detect and remove hooks in IAT
☆51Updated 2 years ago
Related projects: ⓘ
- ☆74Updated 3 weeks ago
- Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits☆28Updated 2 years ago
- ☆36Updated 3 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆79Updated last year
- Files for http://blog.deniable.org/posts/windows-callbacks/☆67Updated 2 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 2 years ago
- Reimplementation of the KExecDD DSE bypass technique.☆42Updated last week
- Next gen process injection technique☆41Updated 4 years ago
- Minifilter Callback Patching Proof-of-Concept☆59Updated last year
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process☆86Updated 2 years ago
- Bypass UAC elevation on Windows 8 (build 9600) & above.☆53Updated 2 years ago
- Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping☆45Updated last year
- ☆97Updated last year
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated last year
- Dll injection through code page id modification in registry. Based on jonas lykk research☆116Updated last year
- Enabled / Disable LSA Protection via BYOVD☆61Updated 2 years ago
- Attack chain emulator. Write recipes for initial access easily☆19Updated last year
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆120Updated last year
- ☆43Updated this week
- Set the process mitigation policy for loading only Microsoft Modules , and block any userland 3rd party modules☆41Updated last year
- API Hammering with C++20☆34Updated 2 years ago
- Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH☆44Updated 3 years ago
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆31Updated last year
- a stage1 DLL loader with sleep obfuscation☆32Updated last year
- Patch AMSI and ETW in remote process via direct syscall☆78Updated 2 years ago
- A Bumblebee-inspired Crypter☆79Updated last year
- A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯☆39Updated 3 years ago
- ☆14Updated 2 years ago
- ☆31Updated this week
- A proof of concept I developed to improve Gargoyle back in 2018 to achieve true memory obfuscation from position independent code☆33Updated this week