Piece of code to detect and remove hooks in IAT
☆65May 30, 2022Updated 3 years ago
Alternatives and similar repositories for Unhook-Import-Address-Table
Users that are interested in Unhook-Import-Address-Table are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆218Feb 20, 2023Updated 3 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆73Aug 11, 2023Updated 2 years ago
- Beacon Object File Loader☆293Dec 3, 2023Updated 2 years ago
- A C port of b33f's UrbanBishop☆38Oct 1, 2020Updated 5 years ago
- POC for frustrating/defeating Malware Analysts☆156Jun 12, 2022Updated 3 years ago
- A repository filled with ideas to break/detect direct syscall techniques☆26Apr 21, 2022Updated 3 years ago
- Cobalt Strike Malleable Profile Inline Patch Template: A Position Independent Code (PIC) Code Template For Creating Shellcode That Can Be…☆42Sep 3, 2020Updated 5 years ago
- Open Anti Cheat☆27Jul 16, 2022Updated 3 years ago
- Windows System Programming Experiments☆221Jun 13, 2022Updated 3 years ago
- Files for http://blog.deniable.org/posts/windows-callbacks/☆83Feb 26, 2022Updated 4 years ago
- improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys☆49Mar 10, 2023Updated 3 years ago
- A small PoC that creates processes in Windows☆187Jun 6, 2024Updated last year
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆301Apr 10, 2021Updated 4 years ago
- A shellcode function to encrypt a running process image when sleeping.☆339Sep 11, 2021Updated 4 years ago
- TartarusGate, Bypassing EDRs☆657Jan 25, 2022Updated 4 years ago
- PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)☆167May 27, 2021Updated 4 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆140Sep 12, 2022Updated 3 years ago
- Various methods of executing shellcode☆74Mar 27, 2023Updated 2 years ago
- WTSRM☆216Aug 7, 2022Updated 3 years ago
- Windows CIFS/SMB packet generation and SMB networking library☆12Aug 25, 2020Updated 5 years ago
- Performing Indirect Clean Syscalls☆605Apr 19, 2023Updated 2 years ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆534Aug 1, 2022Updated 3 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆375May 24, 2022Updated 3 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆1,008Jun 4, 2024Updated last year
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆136Jan 2, 2023Updated 3 years ago
- Inline syscalls made for MSVC supporting x64 and WOW64☆194Jul 10, 2023Updated 2 years ago
- Nim version of MDSec's Parallel Syscall PoC☆124Jan 14, 2022Updated 4 years ago
- Some drivers I've written while solving exercises from Practical Reverse Engineering☆15Jan 9, 2022Updated 4 years ago
- Sleep Obfuscation☆824Dec 3, 2023Updated 2 years ago
- Get your data from the resource section manually, with no need for windows apis☆67Oct 22, 2024Updated last year
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…☆674Dec 23, 2022Updated 3 years ago
- Python tool to find vulnerable AD object and generating csv report☆26Jul 4, 2022Updated 3 years ago
- Dump PDB Symbols including support for Bochs Debugging Format (with wine support)☆14Aug 11, 2023Updated 2 years ago
- A simple program to hook the current process to identify the manual syscall executions on windows☆266Nov 18, 2022Updated 3 years ago
- all credits go to @mgeeky☆65Oct 14, 2021Updated 4 years ago
- A simple COM server which provides a component to run shellcode☆148May 12, 2020Updated 5 years ago
- BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR☆21Feb 8, 2024Updated 2 years ago
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆559Apr 8, 2025Updated 11 months ago
- Demonstrate calling a kernel function and handle process creation callback against HVCI☆83Dec 21, 2022Updated 3 years ago