GitHub - crypt0ace/ProcessHollow: Process Hollowing POC written in C#

Process Hollowing

This is a poc for process hollowing shellcode technique wwritten in C#.
Uses a XOR encrypted msfvenom generated payload. Creates a process of svchost.exe in suspended state and injects shellcode into it. For full explaination I'll be writing a blog soon on here.

Powershell

It also contains a powershell script hollow.ps1 which can load the program in it if you wanna do it all in memory without touching disk. Remember to change the IP.

Bypass

Also includes a AMSI bypass which is loaded in the hollow.ps1 script. The bypass is courtesy of CRTP by pentester academy.

Obfuscated Version

The obfuscated version is obfuscated with Rosfuscator by Melvin Langvik.

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
Imports		Imports
Obfuscated Version		Obfuscated Version
Properties		Properties
bin/Release		bin/Release
obj		obj
App.config		App.config
Process-Hollowing.csproj		Process-Hollowing.csproj
Process-Hollowing.sln		Process-Hollowing.sln
Program.cs		Program.cs
README.md		README.md
bypass.ps1		bypass.ps1
hollow.ps1		hollow.ps1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Process Hollowing

Powershell

Bypass

Obfuscated Version

About

Uh oh!

Releases

Packages

Uh oh!

Languages

crypt0ace/ProcessHollow

Folders and files

Latest commit

History

Repository files navigation

Process Hollowing

Powershell

Bypass

Obfuscated Version

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages