zimnyaa / nim-noload-dll-hollowing
Unused DLL hollowing PoC in Nim
☆15Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for nim-noload-dll-hollowing
- PoC XLL builder in Python/Nim☆40Updated last year
- A simple Nim stager (w/ fiber execution)☆14Updated 2 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated last year
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆37Updated 10 months ago
- Run python from a single exe☆34Updated 2 years ago
- Windows x64 Process Injection via Ghostwriting with Dynamic Configuration☆27Updated 3 years ago
- ☆37Updated 3 years ago
- Another AMSI bypass - but in C++.☆23Updated last year
- Beacon Object Files (not Buffer Overflows)☆51Updated last year
- ☆14Updated 2 years ago
- Halos Gate-based NTAPI Unhooker☆49Updated 2 years ago
- ☆47Updated last year
- Sleep Obfuscation☆41Updated 2 years ago
- API Hammering with C++20☆34Updated 2 years ago
- A way to extract tickets in case I need to purge and restore tickets on the fly.☆17Updated 6 months ago
- Piece of code to detect and remove hooks in IAT☆58Updated 2 years ago
- A care package of useful bofs for red team engagments☆48Updated 2 years ago
- A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies☆32Updated 2 years ago
- ☆38Updated last year
- Files for http://blog.deniable.org/posts/windows-callbacks/☆12Updated last year
- ☆58Updated 2 years ago
- Dynamically resolve API function addresses at runtime in a secure manner.☆44Updated last month
- idk man this was the default github name☆35Updated last year
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆38Updated last year
- Remove API hooks from a Beacon process.☆12Updated 3 years ago
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆32Updated last year