{"id":16482139,"url":"https://github.com/riskydissonance/ridgway","last_synced_at":"2025-07-10T17:32:22.015Z","repository":{"id":72316409,"uuid":"168422916","full_name":"riskydissonance/Ridgway","owner":"riskydissonance","description":"A quick tool for hiding a new process running shellcode.","archived":false,"fork":false,"pushed_at":"2020-06-10T13:30:57.000Z","size":23,"stargazers_count":57,"open_issues_count":0,"forks_count":14,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-07-07T18:14:46.219Z","etag":null,"topics":["process-manipulation","shellcode"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/riskydissonance.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2019-01-30T22:07:04.000Z","updated_at":"2025-02-03T12:02:32.000Z","dependencies_parsed_at":null,"dependency_job_id":"243e760e-6ba6-4ce1-aab4-260a64928363","html_url":"https://github.com/riskydissonance/Ridgway","commit_stats":null,"previous_names":["m0rv4i/ridgway"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/riskydissonance/Ridgway","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/riskydissonance%2FRidgway","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/riskydissonance%2FRidgway/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/riskydissonance%2FRidgway/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/riskydissonance%2FRidgway/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/riskydissonance","download_url":"https://codeload.github.com/riskydissonance/Ridgway/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/riskydissonance%2FRidgway/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264619347,"owners_count":23638437,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["process-manipulation","shellcode"],"created_at":"2024-10-11T13:09:45.325Z","updated_at":"2025-07-10T17:32:21.980Z","avatar_url":"https://github.com/riskydissonance.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ridgway\n\nA quick tool for hiding a new process running shellcode.\n\nNot sure it adds much value compared to just migrating into an existing process, was more of an exercise for learning C++ and playing with the Windows APIs.\n\n## What's it do?\n\nIt will create an instance of the given process and set that process' parent to that of the ID passed in, helping hide the process.\n\nIt will then inject some shellcode (hard coded so change before compiling) into that process, using a few different methods.\n\n## Usage\n\n`Ridgway.exe \u003cprocess path\u003e \u003cparentProcessId\u003e`\n\nWithout arguments the binary uses C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe and uses explorer.exe as the parent.\n\n### Example\n\n`Ridgway.exe C:\\Windows\\syswow64\\notepad.exe 1337`\n\n## Cobalt Strike\n\nThere's an aggressor script **artifact.cna** which can be loaded into Cobalt Strike so that the generated Windows Executables use this executable.\nNote you need to keep the default shellcode of 'A's, and may need to change the path to the **encoded_payload.sh** script in the artifact.cna.\n\n## Name\n\nFor those interested it's named after Stan Ridgway, who sang [this belter](https://www.youtube.com/watch?v=VgRXdozljRs), as that's exactly what we're trying to do here.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Friskydissonance%2Fridgway","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Friskydissonance%2Fridgway","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Friskydissonance%2Fridgway/lists"}