There are 4 repositories under the process-hollowing topic.
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
Demos of various injection techniques found in malware
A more stealthy variant of "DLL hollowing"
Penetration testing utility and antivirus assessment tool.
Incomplete project
Various Process Injection Techniques
x64/x86 shellcode injector
ZwProcessHollowing is an x64 process hollowing project which uses direct system calls, DLL unhooking and RC4 payload decryption
This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing
userland exec for Linux x86_64
execute a PE in the address space of another PE aka process hollowing
Nim process hollowing loader
Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping
Lime Crypter Obfuscator Mod
A shellcode runner / injector / hollower in Go, for windows
An implementation of the Process Hollowing technique.
Process hollowing C# shellcode runner that is FUD against Microsoft Defender as of October 7, 2023.
The RunPE program is written in C# to execute a specific executable file within another file's memory using the ProcessHollowing technique.
process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread
Execution of the malicious code is masked under a legitimate process.
Custom malware droppers written in multiple languages.
userland exec for Linux ARM v7
This repo contains an implementation of the Process Hollowing technique.
Proof of concept, example of process hollowing, generating reverse TCP shellcode. Conducted on Windows 10 64 Bit 22H2.