"topic:process-hollowing" — Search

43 results for “topic:process-hollowing”

Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.

C++1.2k220Updated 3 days ago

antivirusantivirus-evasionexploitexploit-developmentexploit-frameworkexploitationexploitsprocess-doppelgangingprocess-herpaderpingprocess-hollowingprocess-migrationsecuritysecurity-vulnerabilityvulnerabilitywindowswindows-10windows-7windows-defender

hasherezade/demos

Demos of various injection techniques found in malware

C796188Updated 2 weeks ago

code-injectiondll-injectionmalwareprocess-hollowingrunpe

Hagrid29/PELoader

PE loader with various shellcode injection techniques

C++44965Updated 3 weeks ago

dllmalwarepayloadpe-injectorpe-loaderprocess-hollowingprocess-injection

hasherezade/module_overloading

A more stealthy variant of "DLL hollowing"

C36359Updated 1 month ago

pe-injectorprocess-hollowing

ivan-sincek/invokerArchived

Penetration testing utility and antivirus assessment tool.

C++31582Updated 2 weeks ago

access-tokenbytecode-injectionc-plus-plusdll-injectiondump-memoryethical-hackinghook-proceduremalwareoffensive-securitypenetration-testingprocess-ghostingprocess-hollowingred-team-engagementreverse-tcpsecuritysticky-keyssystem-callstask-schedulerwindowswindows-penetration-testing

MahmoudZohdy/Process-Injection-Techniques

Various Process Injection Techniques

C++16524Updated 2 weeks ago

apc-injectionappcertdllsappinit-dllsdll-injectionearly-birdimage-file-execution-optionsinjectionprocess-doppelgangingprocess-ghostingprocess-hollowingreflective-dll-injectionshellcode-injectionthread-hijackingtls-injection

TunnelGRE/Percino

Evasive Golang Loader

Go13725Updated 1 week ago

bypass-antivirusbypass-edrprocess-hollowingshellcode-loader

ZeroMemoryEx/Shellcode-InjectorArchived

simple shellcode injector

C++11821Updated 2 months ago

process-hollowingprocess-injectionred-teamshellcode-injector

XaFF-XaFF/ZwProcessHollowing

ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption

C++9222Updated 4 weeks ago

hacking-toolprocess-hollowingrunpewindowsx64

ProcessusT/UnhookingDLL

This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing

C++7212Updated 3 hours ago

bypassdll-unhookingedretwprocess-hollowingshellcode

Hagrid29/herpaderply_hollowing

Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping

C6916Updated 3 days ago

code-injectionmalwarepe-injectorpe-loaderpefileprocess-hollowing

bediger4000/userlandexec

userland exec for Linux x86_64

C6814Updated 1 week ago

elfprocess-hollowingsystem-callsuserland-execx86-64

itaymigdal/PichichiH0ll0wer

Nim process hollowing loader

Nim6213Updated 2 months ago

edr-bypassedr-evasionloaderpayload-generatorpayload-injectorpe-loaderpenetration-testingpenetration-testing-toolsprocess-hollowingprocess-injectionred-teamred-team-toolsrunpesyscalls

abdullah2993/go-runpe

execute a PE in the address space of another PE aka process hollowing

Go6019Updated 3 months ago

evasioninjectionmalware-developmentprocess-hollprocess-hollowingrunpe

TheKevinWang/HellsRunPE

RunPE using Hell's Gate technique.

C328Updated 11 months ago

loaderprocess-hollowingrunpe

rxOred/process-hollowing

process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread

C++316Updated 1 month ago

malwareprocess-hollowing

ChrisPritchard/golang-shellcode-runner

A shellcode runner / injector / hollower in Go, for windows

Go264Updated 1 month ago

kernel32ntdllprocess-hollowingshellcode-injection

Logan-Elliott/HollowGhost

Process hollowing C# shellcode runner that is FUD against Microsoft Defender as of October 7, 2023.

C#241Updated 3 months ago

antivirus-evasiondefenderfudinjectionpenetration-testingprocess-hollowingred-teamrunnershellcode

ivkin25/Process-Hollowing

An implementation of the Process Hollowing technique.

C++165Updated 1 year ago

process-hollowingprocess-injectionrunpe

00nx/Chrome-App-Bound-Encryption-Bypass

Bypasses App-Bound Encryption to extract cookies, passwords, browsing history, autofill data, and payment info from Chromium-based browsers (Chrome, Brave, Edge) in user mode, without admin privileges.

C162Updated 1 week ago

app-bound-bypassautofillbravebrowserchromechromiumcookiesdecryptdll-injectionedgehistorypasswordpaymentprocess-hollowing

B4l3rI0n/OSEP

OSEP sample codes from the course & more

C#120Updated 1 day ago

amsi-bypassantivirus-bypassantivirus-evasionapplocker-bypassav-evasiondll-injectionmacrososeposep-notesosep-prepphishingprocess-hollowingreflective-injectionuac-bypass

vvswift/Agent-Loader

Modular C2 loader featuring dynamic function encryption, in-memory payload support, and a covert DoH command channel, configurable via a Python builder and a Node.js web panel.

C123Updated 3 weeks ago

apc-injectioncode-injectiondll-hijackingloaderpayloads-memorype-loaderpost-exploitationprocess-hollowingprocess-injectionqueueuserapcred-team-toolsreverse-shellrwxshellcode-runnersocks5-proxytoken-stealthvm-bytecode-interpreterwindows-internals

notsnakesilent/AnotherProcessHollowing

Explanation and Proof of Concept of the Process Hollowing (Windows) technique, commonly used by malware and game hackers to bypass security systems

C++101Updated 3 months ago

hollowingpe-injectionprocess-hollowing

ivan-sincek/malware-droppers

Custom malware droppers written in multiple languages.

C#95Updated 5 months ago

c-sharpdecoderdefensive-securityencoderethical-hackingmalwaremimikatzoffensive-securitypenetration-testingprocess-hollowingred-team-engagementreverse-engineeringsecurityvisual-studiowindowswindows-penetration-testing

EmreOvunc/Process-Injection-Process-Hollowing-T1055.012

Execution of the malicious code is masked under a legitimate process.

C++63Updated 3 months ago

process-hollowingprocess-injectiont1055

frangelbarrera/StyxLoaderX-EDR-Evasion

"A modular framework for advanced EDR evasion on Windows x64, featuring dynamic syscalls, AES encryption, and process hollowing. 85% evasion rate against Sysmon."

C++50Updated 2 weeks ago

assemblyc-plus-pluscybersecurityedr-evasionethical-hackingmalware-analysisobfuscationpenetration-testingprocess-hollowingprocess-injectionred-teamsecurity-researchsyscallswindowswindows-api

Arrbat/Veil-Forge

CLI tool for shielding your app from static and dynamic analysis

C53Updated 4 months ago

binary-securitychacha20-poly1305cryptercryptographyhkdfmalware-researchpe-injectionpe-packerprocess-hollowingreverse-engineeringsha256

grisuno/OverRide

This project provides a proof-of-concept implementation of the "Process Overwriting" (a form of Process Hollowing) technique in plain C.

C41Updated 1 month ago

chackingprocess-hollowingprocess-overwritingwindows

Watermwo/Simple-RunPE-Process-Hollowing

The RunPE program is written in C# to execute a specific executable file within another files memory using the ProcessHollowing technique.

C#42Updated 20 hours ago

bypass-antivirusbypass-avcode-injectioncsharphollowinginjectinjectioninjection-attacksinjector-x64kernel-drivermalwarepe-injectorpefileprocess-hollowingprocess-injectorprocess-manipulationredteamrootkitrunpewindows

methmind/hookpe

Proof of Concept demonstrating a stealthy code loading technique (Process Doppelgänging / Phantom File variations) using Transactional NTFS (TxF) and kernel function hooking.

C++41Updated 3 weeks ago

assemblycode-injectiondll-injectionhookhook-pehookpemalware-researchoffensive-securitypepe-loaderpeloaderportable-executableprocess-doppelgangingprocess-hollowingred-teamingreverse-engineeringwindows-loaderx86-64

Page 1 of 2