Skip to content

PorLaCola25/PPID-Spoofing

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
PPID.sln
PPID.sln
 
 
PPID.vcxproj
PPID.vcxproj
 
 
PPID.vcxproj.filters
PPID.vcxproj.filters
 
 
PPID.vcxproj.user
PPID.vcxproj.user
 
 
README.md
README.md
 
 
Syscalls.asm
Syscalls.asm
 
 
main.c
main.c
 
 
structs.h
structs.h
 
 

Repository files navigation

PPID-Spoofing

POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritting ntdll:LdrInitializeThunk with shellcode.

Note: Non-reflective shellcode is required for this to work

About

POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritting ntdll:LdrInitializeThunk with shellcode.

Resources

Readme
Activity

Stars

41 stars

Watchers

2 watching

Forks

11 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages