process-hollowing

There are 4 repositories under process-hollowing topic.

jxy-s / herpaderping
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
exploit windows security process-herpaderping vulnerability security-vulnerability exploitation exploits exploit-development exploit-framework windows-10 windows-7 windows-defender antivirus antivirus-evasion process-migration process-hollowing process-doppelganging
Language:C++ 1080
hasherezade / demos
Demos of various injection techniques found in malware
malware code-injection dll-injection runpe process-hollowing
Language:C 787
Hagrid29 / PELoader
PE loader with various shellcode injection techniques
dll malware payload pe-injector pe-loader process-hollowing process-injection
Language:C++ 361
hasherezade / module_overloading
A more stealthy variant of "DLL hollowing"
pe-injector process-hollowing
Language:C 335
ivan-sincek / invoker
Penetration testing utility and antivirus assessment tool.
access-token bytecode-injection c-plus-plus dll-injection dump-memory ethical-hacking hook-procedure malware offensive-security penetration-testing process-ghosting process-hollowing red-team-engagement reverse-tcp security sticky-keys system-calls task-scheduler windows windows-penetration-testing
Language:C++ 312
ZeroMemoryEx / Orca
Incomplete project
assembly malware privilege-escalation process-hollowing process-injection risk shellcode-injection win32api
Language:C++ 189
MahmoudZohdy / Process-Injection-Techniques
Various Process Injection Techniques
apc-injection appcertdlls appinit-dlls dll-injection early-bird image-file-execution-options injection process-doppelganging process-ghosting process-hollowing reflective-dll-injection shellcode-injection thread-hijacking tls-injection
Language:C++ 136
TunnelGRE / Augustus
Evasive Golang Loader
process-hollowing shellcode-loader bypass-antivirus bypass-edr
Language:Go 130
ZeroMemoryEx / Shellcode-Injector
x64/x86 shellcode injector
process-hollowing process-injection red-team shellcode-injector
Language:C++ 114
XaFF-XaFF / ZwProcessHollowing
ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption
hacking-tool process-hollowing runpe windows x64
Language:C++ 80
ProcessusT / UnhookingDLL
This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing
bypass dll-unhooking edr etw process-hollowing shellcode
Language:C++ 66
bediger4000 / userlandexec
userland exec for Linux x86_64
elf process-hollowing system-calls userland-exec x86-64
Language:C 61
abdullah2993 / go-runpe
execute a PE in the address space of another PE aka process hollowing
runpe process-hollowing malware-development injection evasion process-holl
Language:Go 52
itaymigdal / PichichiH0ll0wer
Nim process hollowing loader
loader pe-loader penetration-testing penetration-testing-tools process-hollowing process-injection red-team red-team-tools syscalls payload-generator runpe payload-injector edr-bypass edr-evasion
Language:Nim 46
Hagrid29 / herpaderply_hollowing
Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping
code-injection malware pe-injector pe-loader pefile process-hollowing
Language:C 44
TheKevinWang / HellsRunPE
RunPE using Hell's Gate technique.
loader process-hollowing runpe
Language:C 30
Chainski / Chainski-Crypter
Lime Crypter Obfuscator Mod
amsi-bypass amsi-evasion crypter crypter-fud obfuscator chainski-crypter lime-crypter-mod runpe invoke av-evasion process-hollowing evasive injector defender-bypass fud fud-crypter csharp bypass-antivirus
Language:C# 28
ChrisPritchard / golang-shellcode-runner
A shellcode runner / injector / hollower in Go, for windows
kernel32 ntdll process-hollowing shellcode-injection
Language:Go 25
ivkin25 / Process-Hollowing
An implementation of the Process Hollowing technique.
process-hollowing runpe process-injection
Language:C++ 17
Logan-Elliott / HollowGhost
Process hollowing C# shellcode runner that is FUD against Microsoft Defender as of October 7, 2023.
antivirus-evasion defender fud injection penetration-testing process-hollowing red-team runner shellcode
Language:C# 11
chaverex / Simple-RunPE-Process-Hollowing
The RunPE program is written in C# to execute a specific executable file within another file's memory using the ProcessHollowing technique.
bypass-antivirus bypass-av code-injection csharp hollowing inject injection injection-attacks injector-x64 kernel-driver malware pe-injector pefile process-hollowing process-injector process-manipulation redteam rootkit runpe windows
Language:C# 10
rxOred / process-hollowing
process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread
malware process-hollowing
Language:C++ 7
EmreOvunc / Process-Injection-Process-Hollowing-T1055.012
Execution of the malicious code is masked under a legitimate process.
process-hollowing process-injection t1055
Language:C++ 6
ivan-sincek / malware-droppers
Custom malware droppers written in multiple languages.
c-sharp ethical-hacking malware mimikatz offensive-security process-hollowing red-team-engagement security visual-studio windows decoder encoder penetration-testing windows-penetration-testing defensive-security reverse-engineering
Language:C# 5
xiosec / Hollow
Hollow is a tool for implementing the process hollowing technique.
redteam internals process-hollowing redteaming windows windows-internals
Language:C# 5
bediger4000 / userlandexec-arm
userland exec for Linux ARM v7
arm-assembly elf linux usrland-exec process-hollowing
Language:C 3
fistfulofhummus / Process-Hollowing-in-Go
This repo contains a implimentation of the Process Hollowing tehcnique.
bypass bypass-antivirus bypass-av evasion go golang hacking malware pentesting process-hollowing run-pe
Language:Go 2
HadiMed / Hollow
Implementation of process hollowing on x32 .
runpe process-hollowing hollowing code-injection malware reverse-engineering loader
Language:C 1
Trn44 / Process-Hollowing-POC
Proof of concept, example of process hollowing, generating reverse TCP shellcode. Conducted on Windows 10 64 Bit 22H2.
process-hollowing process-injection windows-10 windows-11
Language:C#

process-hollowing

jxy-s / herpaderping

hasherezade / demos

Hagrid29 / PELoader

hasherezade / module_overloading

ivan-sincek / invoker

ZeroMemoryEx / Orca

MahmoudZohdy / Process-Injection-Techniques

TunnelGRE / Augustus

ZeroMemoryEx / Shellcode-Injector

XaFF-XaFF / ZwProcessHollowing

ProcessusT / UnhookingDLL

bediger4000 / userlandexec

abdullah2993 / go-runpe

itaymigdal / PichichiH0ll0wer

Hagrid29 / herpaderply_hollowing

TheKevinWang / HellsRunPE

Chainski / Chainski-Crypter

ChrisPritchard / golang-shellcode-runner

ivkin25 / Process-Hollowing

Logan-Elliott / HollowGhost

chaverex / Simple-RunPE-Process-Hollowing

rxOred / process-hollowing

EmreOvunc / Process-Injection-Process-Hollowing-T1055.012

ivan-sincek / malware-droppers

xiosec / Hollow

bediger4000 / userlandexec-arm

fistfulofhummus / Process-Hollowing-in-Go

HadiMed / Hollow

Trn44 / Process-Hollowing-POC