Execution of the malicious code is masked under a legitimate process.
Process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread.
An implementation of the Process Hollowing technique.
This script is used to bypass DLL hooking using a freshly mapped copy of the ntdll file, patch ETW, and trigger shellcode with process hollowing.
ZwProcessHollowing is an x64 process hollowing project which uses direct system calls, DLL unhooking and RC4 payload decryption.
x64/x86 shellcode injector
Various Process Injection Techniques
Penetration testing utility and antivirus assessment tool.
PE loader with various shellcode injection techniques
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.