HOLLOW
Shellcode injector
A tool that enables remote process shellcode execution using the Early Bird injection technique
EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, injects shellcode, hijacks the main thread with an APC, and executes the shellcode
267 stars
10 watching
57 forks
Language: C
last commit: almost 2 years ago

Related projects:
Repository | Description | Stars |
---|---|---|
boku7/spawn | A Cobalt Strike Beacon tool that spawns a sacrificial process to execute shellcode, using techniques like Arbitrary Code Guard and PPID spoofing to evade detection. | 440 |
tomcarver16/bof-dll-inject | A tool for injecting malware into processes by mapping it to memory without registering it with the kernel. | 147 |
boku7/injectamsibypass | A tool that bypasses AMSI in a remote process with code injection. | 377 |
iilegacyyii/threadlessinject-bof | A tool that enables process injection without thread creation by hooking an export function from a remote process. | 369 |
boku7/whereami | A tool that extracts environment variables from a process without touching system DLLs using hand-crafted shellcode | 160 |
hasherezade/transacted_hollowing | An implementation of a memory-based PE injection technique for executing payloads in a target process | 521 |
boku7/injectetwbypass | Tool to bypass ETW (Event Tracing for Windows) security measure in remote processes by injecting a custom syscall | 276 |
boku7/halosgate-ps | A Cobalt Strike Beacon Object File (BOF) that uses custom syscaller code to make direct system calls to retrieve process information on the target system. | 95 |
plackyhacker/shellcode-injection-techniques | A collection of C# techniques for injecting malicious shellcode into processes | 450 |
droberson/papa-shango | An assembler-based tool to inject shellcode into running processes on Linux using ptrace(), allowing for controlled modification of process behavior. | 5 |
apokryptein/secinject | A tool for injecting malicious code into processes using native APIs and memory section mapping. | 88 |
outflanknl/findobjects-bof | An exploit tool that uses direct system calls to enumerate processes based on specific loaded modules or process handles | 266 |
chvancooten/nimplant | A lightweight implant tool allowing users to create and execute custom in-memory operations on Windows | 810 |
bronzeticket/clipboardwindow-inject | A tool that injects malicious code into the clipboard window of a remote process to execute custom shellcode | 65 |
dtmsecurity/bof_helper | Creates C programs with custom API calls using Microsoft's documentation endpoint and grep results from mingw header files | 222 |