GitHub topics: process-hollowing
DeAriasn/Simple-RunPE-Process-Hollowing
The RunPE program is written in C# to execute a specific executable file within another file's memory using the ProcessHollowing technique.
Language: C# - Size: 49.8 KB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 0 - Forks: 0

Logan-Elliott/HollowGhost
Process hollowing C# shellcode runner that is FUD against Microsoft Defender as of October 7, 2023.
Language: C# - Size: 479 KB - Last synced at: 12 days ago - Pushed at: over 1 year ago - Stars: 18 - Forks: 3

hasherezade/module_overloading
A more stealthy variant of "DLL hollowing"
Language: C - Size: 162 KB - Last synced at: 15 days ago - Pushed at: about 1 year ago - Stars: 343 - Forks: 55

Kareasst/Simple-RunPE-Process-Hollowing
The RunPE program is written in C# to execute a specific executable file within another file's memory using the ProcessHollowing technique.
Language: C# - Size: 221 KB - Last synced at: 17 days ago - Pushed at: 17 days ago - Stars: 2 - Forks: 0

abdullah2993/go-runpe
execute a PE in the address space of another PE aka process hollowing
Language: Go - Size: 7.81 KB - Last synced at: 6 days ago - Pushed at: over 3 years ago - Stars: 55 - Forks: 19

ProcessusT/UnhookingDLL
This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing
Language: C++ - Size: 44.9 KB - Last synced at: 6 days ago - Pushed at: about 1 year ago - Stars: 69 - Forks: 12

XaFF-XaFF/ZwProcessHollowing
ZwProcessHollowing is an x64 process hollowing project which uses direct system calls, DLL unhooking and RC4 payload decryption
Language: C++ - Size: 13.7 KB - Last synced at: 19 days ago - Pushed at: about 2 years ago - Stars: 84 - Forks: 21

jxy-s/herpaderping
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
Language: C++ - Size: 22.8 MB - Last synced at: 12 days ago - Pushed at: almost 2 years ago - Stars: 1,128 - Forks: 220

Lyxt-git/AESECB-Hollow
Fully written in Python 64-bit and C++ 32-bit, interacting with WinAPI, using AES-ECB from Cryptopp C++ and PyCryptodome, for most binaries that both can handle. Depends on your payload and the target system architecture, as you wish after reconnaissance.
Language: C++ - Size: 2.33 MB - Last synced at: 29 days ago - Pushed at: 29 days ago - Stars: 1 - Forks: 0

ivan-sincek/invoker
Penetration testing utility and antivirus assessment tool.
Language: C++ - Size: 421 KB - Last synced at: 14 days ago - Pushed at: almost 2 years ago - Stars: 316 - Forks: 80

notsnakesilent/AnotherProcessHollowing
Explanation and Proof of Concept of the Process Hollowing (Windows) technique, commonly used by malware and game hackers to bypass security systems
Language: C++ - Size: 80.1 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 6 - Forks: 0

Tastortist/Simple-RunPE-Process-Hollowing
The RunPE program is written in C# to execute a specific executable file within another file's memory using the ProcessHollowing technique.
Language: C# - Size: 229 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 2 - Forks: 0

hasherezade/demos
Demos of various injection techniques found in malware
Language: C - Size: 217 KB - Last synced at: 17 days ago - Pushed at: about 3 years ago - Stars: 792 - Forks: 183

ivan-sincek/malware-droppers
Custom malware droppers written in multiple languages.
Language: C# - Size: 11.7 KB - Last synced at: 6 days ago - Pushed at: about 2 years ago - Stars: 6 - Forks: 3

0x5844/hollow_point
Process Hollowing for macOS (ARM64) in C++
Language: C++ - Size: 7.81 KB - Last synced at: 29 days ago - Pushed at: 3 months ago - Stars: 0 - Forks: 0

xiosec/Hollow
Hollow is a tool for implementing the process hollowing technique.
Language: C# - Size: 27.3 KB - Last synced at: 8 days ago - Pushed at: about 2 years ago - Stars: 7 - Forks: 1

ChrisPritchard/golang-shellcode-runner
A shellcode runner / injector / hollower in Go, for Windows
Language: Go - Size: 5.86 KB - Last synced at: 23 days ago - Pushed at: almost 3 years ago - Stars: 26 - Forks: 5

TunnelGRE/Percino
Evasive Golang Loader
Language: Go - Size: 960 KB - Last synced at: 7 months ago - Pushed at: 9 months ago - Stars: 131 - Forks: 24

Siysyter/Simple-RunPE-Process-Hollowing
The RunPE program is written in C# to execute a specific executable file within another file's memory using the ProcessHollowing technique.
Language: C# - Size: 1 MB - Last synced at: 7 months ago - Pushed at: 7 months ago - Stars: 4 - Forks: 0

itaymigdal/PichichiH0ll0wer
Nim process hollowing loader
Language: Nim - Size: 2.56 MB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 46 - Forks: 11

Trn44/Process-Hollowing-POC
Proof of concept, example of process hollowing, generating reverse TCP shellcode. Conducted on Windows 10 64 Bit 22H2.
Language: C# - Size: 7.81 KB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 0 - Forks: 0

Chainski/Chainski-Crypter (fork of NYAN-x-CAT/Lime-Crypter)
Lime Crypter Obfuscator Mod
Language: C# - Size: 4.99 MB - Last synced at: 12 months ago - Pushed at: 12 months ago - Stars: 23 - Forks: 6

DevinAIDeveloper/DevinPE-ProcessHollowing-Example
DevinPE-ProcessHollowing-Example
Language: C# - Size: 34.2 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

rxOred/process-hollowing
process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread
Language: C++ - Size: 8.79 KB - Last synced at: about 1 year ago - Pushed at: over 3 years ago - Stars: 6 - Forks: 4

fistfulofhummus/Process-Hollowing-in-Go
This repo contains an implementation of the Process Hollowing technique.
Language: Go - Size: 29.3 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

Hagrid29/PELoader
PE loader with various shellcode injection techniques
Language: C++ - Size: 1.51 MB - Last synced at: over 1 year ago - Pushed at: over 2 years ago - Stars: 304 - Forks: 53

ZeroMemoryEx/Shellcode-Injector
x64/x86 shellcode injector
Language: C++ - Size: 1.71 MB - Last synced at: over 1 year ago - Pushed at: over 2 years ago - Stars: 101 - Forks: 19

ZeroMemoryEx/Orca 📦
Incomplete project
Language: C++ - Size: 629 KB - Last synced at: over 1 year ago - Pushed at: over 3 years ago - Stars: 186 - Forks: 33

MahmoudZohdy/Process-Injection-Techniques
Various Process Injection Techniques
Language: C++ - Size: 73.2 KB - Last synced at: almost 2 years ago - Pushed at: almost 3 years ago - Stars: 65 - Forks: 13

EmreOvunc/Process-Injection-Process-Hollowing-T1055.012
Execution of the malicious code is masked under a legitimate process.
Language: C++ - Size: 46.9 KB - Last synced at: almost 2 years ago - Pushed at: over 4 years ago - Stars: 6 - Forks: 3

TheKevinWang/HellsRunPE
RunPE using Hell's Gate technique.
Language: C - Size: 21.5 KB - Last synced at: almost 2 years ago - Pushed at: over 4 years ago - Stars: 22 - Forks: 7

Hagrid29/herpaderply_hollowing
Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping
Language: C - Size: 911 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 17 - Forks: 7

bediger4000/userlandexec-arm
userland exec for Linux ARM v7
Language: C - Size: 46.9 KB - Last synced at: about 2 years ago - Pushed at: almost 8 years ago - Stars: 3 - Forks: 2

bediger4000/userlandexec
userland exec for Linux x86_64
Language: C - Size: 19.5 KB - Last synced at: about 2 years ago - Pushed at: almost 3 years ago - Stars: 48 - Forks: 13

ivkin25/Process-Hollowing
An implementation of the Process Hollowing technique.
Language: C++ - Size: 88.9 KB - Last synced at: about 2 years ago - Pushed at: over 4 years ago - Stars: 11 - Forks: 5
