Piece of code to detect and remove hooks in IAT
☆66 · May 30, 2022 · Updated 4 years ago
Alternatives and similar repositories for Unhook-Import-Address-Table
Users that are interested in Unhook-Import-Address-Table are comparing it to the libraries listed below.
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit… ☆218 · Feb 20, 2023 · Updated 3 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022) ☆73 · Aug 11, 2023 · Updated 2 years ago
- Beacon Object File Loader ☆296 · Dec 3, 2023 · Updated 2 years ago
- A C port of b33f's UrbanBishop ☆38 · Oct 1, 2020 · Updated 5 years ago
- POC for frustrating/defeating Malware Analysts ☆155 · Jun 12, 2022 · Updated 4 years ago
- A repository filled with ideas to break/detect direct syscall techniques ☆26 · Apr 21, 2022 · Updated 4 years ago
- Cobalt Strike Malleable Profile Inline Patch Template: A Position Independent Code (PIC) Code Template For Creating Shellcode That Can Be… ☆43 · Sep 3, 2020 · Updated 5 years ago
- Open Anti Cheat ☆27 · Jul 16, 2022 · Updated 3 years ago
- improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys ☆49 · Mar 10, 2023 · Updated 3 years ago
- Windows System Programming Experiments ☆222 · Jun 13, 2022 · Updated 4 years ago
- Files for http://blog.deniable.org/posts/windows-callbacks/ ☆85 · Feb 26, 2022 · Updated 4 years ago
- A small PoC that creates processes in Windows ☆188 · Jun 6, 2024 · Updated 2 years ago
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes ☆298 · Apr 10, 2021 · Updated 5 years ago
- A shellcode function to encrypt a running process image when sleeping. ☆340 · Sep 11, 2021 · Updated 4 years ago
- TartarusGate, Bypassing EDRs ☆665 · Jan 25, 2022 · Updated 4 years ago
- ☆10 · Apr 19, 2026 · Updated 2 months ago
- PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021) ☆164 · May 27, 2021 · Updated 5 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows. ☆141 · Sep 12, 2022 · Updated 3 years ago
- Various methods of executing shellcode ☆74 · Mar 27, 2023 · Updated 3 years ago
- WTSRM ☆216 · Aug 7, 2022 · Updated 3 years ago
- Windows CIFS/SMB packet generation and SMB networking library ☆12 · Aug 25, 2020 · Updated 5 years ago
- Performing Indirect Clean Syscalls ☆616 · May 2, 2026 · Updated 2 months ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin… ☆538 · Aug 1, 2022 · Updated 3 years ago
- Cobalt Strike UDRL for memory scanner evasion. ☆1,020 · Jun 4, 2024 · Updated 2 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC ☆377 · May 24, 2022 · Updated 4 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space ☆135 · Jan 2, 2023 · Updated 3 years ago
- Inline syscalls made for MSVC supporting x64 and WOW64 ☆193 · Jul 10, 2023 · Updated 2 years ago
- Nim version of MDSec's Parallel Syscall PoC ☆125 · Apr 4, 2026 · Updated 2 months ago
- Some drivers I've written while solving exercises from Practical Reverse Engineering ☆15 · Jan 9, 2022 · Updated 4 years ago
- Sleep Obfuscation ☆841 · Dec 3, 2023 · Updated 2 years ago
- Get your data from the resource section manually, with no need for windows apis ☆67 · Oct 22, 2024 · Updated last year
- Python tool to find vulnerable AD object and generating csv report ☆26 · Jul 4, 2022 · Updated 3 years ago
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… ☆673 · Dec 23, 2022 · Updated 3 years ago
- Dump PDB Symbols including support for Bochs Debugging Format (with wine support) ☆14 · Aug 11, 2023 · Updated 2 years ago
- A simple program to hook the current process to identify the manual syscall executions on windows ☆267 · Nov 18, 2022 · Updated 3 years ago
- all credits go to @mgeeky ☆65 · Oct 14, 2021 · Updated 4 years ago
- A simple COM server which provides a component to run shellcode ☆143 · May 12, 2020 · Updated 6 years ago
- BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR ☆21 · Feb 8, 2024 · Updated 2 years ago
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess) ☆576 · Apr 8, 2025 · Updated last year