Skip to content

POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritting ntdll:LdrInitializeThunk with shellcode.

Notifications You must be signed in to change notification settings

PorLaCola25/PPID-Spoofing

Repository files navigation

PPID-Spoofing

POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritting ntdll:LdrInitializeThunk with shellcode.

Note: Non-reflective shellcode is required for this to work

About

POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritting ntdll:LdrInitializeThunk with shellcode.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published