Piece of code to detect and remove hooks in IAT
☆65May 30, 2022Updated 3 years ago
Alternatives and similar repositories for Unhook-Import-Address-Table
Users that are interested in Unhook-Import-Address-Table are comparing it to the libraries listed below
Sorting:
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆218Feb 20, 2023Updated 3 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆73Aug 11, 2023Updated 2 years ago
- A repository filled with ideas to break/detect direct syscall techniques☆26Apr 21, 2022Updated 3 years ago
- Beacon Object File Loader☆293Dec 3, 2023Updated 2 years ago
- Windows System Programming Experiments☆222Jun 13, 2022Updated 3 years ago
- POC for frustrating/defeating Malware Analysts☆156Jun 12, 2022Updated 3 years ago
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆299Apr 10, 2021Updated 4 years ago
- TartarusGate, Bypassing EDRs☆653Jan 25, 2022Updated 4 years ago
- Various methods of executing shellcode☆74Mar 27, 2023Updated 2 years ago
- PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)☆167May 27, 2021Updated 4 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆140Sep 12, 2022Updated 3 years ago
- WTSRM☆216Aug 7, 2022Updated 3 years ago
- A small NtCreateUserProcess PoC that spawns a Command prompt.☆102Aug 25, 2022Updated 3 years ago
- Open Anti Cheat☆27Jul 16, 2022Updated 3 years ago
- Get your data from the resource section manually, with no need for windows apis☆67Oct 22, 2024Updated last year
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆136Jan 2, 2023Updated 3 years ago
- just manipulatin these here tokens yes sir nothing weird☆22Apr 18, 2022Updated 3 years ago
- BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR☆21Feb 8, 2024Updated 2 years ago
- Files for http://blog.deniable.org/posts/windows-callbacks/☆77Feb 26, 2022Updated 4 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆374May 24, 2022Updated 3 years ago
- Static Library For Windows Drivers☆41Dec 13, 2025Updated 2 months ago
- Windows CIFS/SMB packet generation and SMB networking library☆12Aug 25, 2020Updated 5 years ago
- A small PoC that creates processes in Windows☆187Jun 6, 2024Updated last year
- Dump PDB Symbols including support for Bochs Debugging Format (with wine support)☆14Aug 11, 2023Updated 2 years ago
- A C port of b33f's UrbanBishop☆38Oct 1, 2020Updated 5 years ago
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post☆80Sep 2, 2024Updated last year
- Sleep Obfuscation☆816Dec 3, 2023Updated 2 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆1,006Jun 4, 2024Updated last year
- A simple COM server which provides a component to run shellcode☆149May 12, 2020Updated 5 years ago
- The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/☆210Jan 29, 2023Updated 3 years ago
- Inline syscalls made for MSVC supporting x64 and WOW64☆193Jul 10, 2023Updated 2 years ago
- A simple program to hook the current process to identify the manual syscall executions on windows☆265Nov 18, 2022Updated 3 years ago
- D/Invoke port of UrbanBishop☆108Jul 19, 2020Updated 5 years ago
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!☆249Jul 9, 2024Updated last year
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin…☆536Aug 1, 2022Updated 3 years ago
- You shall pass☆270Jul 16, 2022Updated 3 years ago
- PoC capable of detecting manual syscalls from usermode.☆206Nov 13, 2025Updated 3 months ago
- ☆12Aug 10, 2019Updated 6 years ago
- Finding Truth in the Shadows☆123Jan 26, 2023Updated 3 years ago