Skip to content
/ PPID-Spoofing Public

POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritting ntdll:LdrInitializeThunk with shellcode.

39 stars 13 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

PorLaCola25/PPID-Spoofing

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
PPID.sln
PPID.sln
 
 
PPID.vcxproj
PPID.vcxproj
 
 
PPID.vcxproj.filters
PPID.vcxproj.filters
 
 
PPID.vcxproj.user
PPID.vcxproj.user
 
 
README.md
README.md
 
 
Syscalls.asm
Syscalls.asm
 
 
main.c
main.c
 
 
structs.h
structs.h
 
 

Repository files navigation

PPID-Spoofing

POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritting ntdll:LdrInitializeThunk with shellcode.

Note: Non-reflective shellcode is required for this to work

About

POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritting ntdll:LdrInitializeThunk with shellcode.

Resources

Readme
Activity

Stars

39 stars

Watchers

1 watching

Forks

13 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages