DInvokeProcessHollowing

This repository is an implementation of process hollowing shellcode injection using DInvoke from SharpSploit. DInvoke allows operators to use unmanaged code while avoiding suspicious imports or API hooking.

The project contains an XOR encoded Calc.exe payload from msfvenom. If you'd like to use your own shellcode then it must be XOR encoded. This can done using the following program: https://github.com/passthehashbrowns/XorShellcode

References

Original process hollowing implementation: https://gist.github.com/smgorelik/9a80565d44178771abf1e4da4e2a0e75

SharpSploit: https://github.com/cobbr/SharpSploit

DInvoke: https://thewover.github.io/Dynamic-Invoke/

Process Injection With DInvoke: https://rastamouse.me/blog/process-injection-dinvoke/

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
DynamicInvoke		DynamicInvoke
ManualMap		ManualMap
Misc		Misc
PlatformInvoke		PlatformInvoke
System/Diagnostics/Eventing		System/Diagnostics/Eventing
DInvoke.csproj		DInvoke.csproj
Native.cs		Native.cs
PE.cs		PE.cs
ProcessHollowing.csproj		ProcessHollowing.csproj
Program.cs		Program.cs
README.md		README.md
Win32.cs		Win32.cs

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

DInvokeProcessHollowing

References

About

Releases

Packages

Languages

passthehashbrowns/DInvokeProcessHollowing

Folders and files

Latest commit

History

Repository files navigation

DInvokeProcessHollowing

References

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages