4 repository-uri
Executing code in external processes via thread creation and asynchronous procedure call queueing.
Distinct from Asynchronous Thread Schedulers: None of the candidates cover offensive code injection into remote processes; they focus on task scheduling.
Explore 4 awesome GitHub repositories matching operating systems & systems programming · Remote Thread Injection. Refine with filters or upvote what's useful.
Al-Khaser is a research project focused on the development of anti-analysis and evasion techniques to resist reverse engineering. It provides implementations for detecting and evading virtual machines, sandboxes, and debuggers to prevent software analysis. The project implements control flow obfuscation through anti-disassembly methods and utilizes dynamic API resolution to bypass static import tables. It further hinders forensic analysis by manipulating memory headers to prevent process dumps and utilizing remote code injection to execute logic in external processes. The capability surface
Executes code in external processes by utilizing thread creation and asynchronous procedure call queueing.
Blackbone este o colecție de instrumente specializate pentru scanarea memoriei, injectarea în procese și interfețe de drivere kernel utilizate pentru a manipula mediul de execuție Windows. Oferă un framework pentru executarea codului la distanță, maparea imaginilor executabile portabile și gestionarea thread-urilor între diferite limite de proces. Proiectul include un driver de memorie kernel pentru a accesa memoria kernel și a modifica drepturile de manipulare pentru a ascunde alocările de detectarea în user-mode. De asemenea, dispune de o bibliotecă pentru interceptarea apelurilor de funcții în procese la distanță folosind întreruperi software și breakpoint-uri hardware. Toolkit-ul acoperă capabilități mai largi în manipularea memoriei virtuale, cum ar fi citirea, scrierea și alocarea memoriei în procese locale sau la distanță. Oferă, de asemenea, utilitare pentru căutarea de tipare în memorie pentru a localiza secvențe specifice de octeți și gestionarea modulelor pentru injectarea sau ejectarea binarilor.
Provides capabilities for executing custom assembly and code in external processes via remote thread creation.
OffensiveNim is a red teaming framework and post-exploitation toolkit developed in Nim. It provides a collection of low-level primitives and a Windows API wrapper designed for offensive security operations, including malware development and shellcode loading. The project focuses on evasion and obfuscation through techniques such as API unhooking, direct system calls, and anti-debugging mechanisms. It features diverse payload delivery methods, including reflective binary loading, the execution of .NET assemblies via CLR hosting, and various shellcode injection techniques using fibers, COM obje
Writes binary payloads to a remote process's memory and executes them via remote thread creation.
OffensiveRust is a red team toolkit and malware development kit written in Rust. It serves as an evasion framework and post-exploitation library, providing a collection of offensive security primitives and a Windows API wrapper for interacting with low-level system functions and undocumented APIs. The project focuses on bypassing security software through direct system calls, memory obfuscation, and stealthy payload execution. It implements techniques to defeat static binary analysis via compile-time string encryption and payload obfuscation, while avoiding detection using parent process ID s
Implements the execution of payloads in target processes by allocating memory and creating remote threads.