xalicex / Unhook-Import-Address-Table
Piece of code to detect and remove hooks in IAT
☆63 Updated 3 years ago
Alternatives and similar repositories for Unhook-Import-Address-Table
Users that are interested in Unhook-Import-Address-Table are comparing it to the libraries listed below
- Next gen process injection technique ☆53 Updated 4 years ago
- ☆82 Updated 9 months ago
- Files for http://blog.deniable.org/posts/windows-callbacks/ ☆76 Updated 3 years ago
- ☆115 Updated 2 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space ☆123 Updated 2 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption ☆85 Updated 2 years ago
- GetModuleHandle (via PEB) and GetProcAddress (via EAT) like ☆31 Updated 3 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF) ☆105 Updated 2 years ago
- ☆42 Updated 2 years ago
- A Bumblebee-inspired Crypter ☆80 Updated 2 years ago
- Reimplementation of the KExecDD DSE bypass technique. ☆46 Updated 8 months ago
- Callstack spoofing using a VEH because VEH all the things. ☆21 Updated 2 months ago
- Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping ☆56 Updated 2 years ago
- Fork of Get-InjectedThread - https://gist.github.com/jaredcatkinson/23905d34537ce4b5b1818c3e6405c1d2 ☆41 Updated last year
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process ☆79 Updated 2 years ago
- A C++ PoC implementation for enumerating Windows Fibers directly from memory ☆19 Updated last year
- Enabled / Disable LSA Protection via BYOVD ☆68 Updated 3 years ago
- ☆39 Updated 4 years ago
- Small PoC of using a Microsoft signed executable as a lolbin. ☆137 Updated 2 years ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE. ☆61 Updated last year
- Small tool to play with IOCs caused by Imageload events ☆42 Updated 2 years ago
- API Hammering with C++20 ☆47 Updated 2 years ago
- Malware? ☆70 Updated 7 months ago
- Get your data from the resource section manually, with no need for windows apis ☆62 Updated 7 months ago
- Various tools, PoCs and experiments related to my blog at https://www.forrest-orr.net/ ☆37 Updated 3 years ago
- Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits ☆29 Updated 2 years ago
- An example of COM hijacking using a proxy DLL. ☆28 Updated 3 years ago
- yet another sleep encryption thing. also used the default github repo name for this one. ☆69 Updated 2 years ago
- ☆31 Updated 5 months ago
- a stage1 DLL loader with sleep obfuscation ☆35 Updated 2 years ago