Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sinakarvandi/process-magics

This is a collection of interesting codes about Windows Process creation.
https://github.com/sinakarvandi/process-magics

Last synced: about 2 months ago
JSON representation

This is a collection of interesting codes about Windows Process creation.

Host: GitHub
URL: https://github.com/sinakarvandi/process-magics
Owner: SinaKarvandi
License: mit
Created: 2019-03-21T14:35:21.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2024-01-12T16:04:53.000Z (8 months ago)
Last Synced: 2024-04-06T09:33:55.347Z (6 months ago)
Language: C++
Size: 283 KB
Stars: 220
Watchers: 10
Forks: 54
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-security-collection - **89**星

README

# Process-Magics
This is a collection of interesting codes about Windows Process creation.

## CriticalProcess
This program enables SeDebugPrivilege and then sets its own process as Windows Critical Process, if by any reason the process is killed or closed then as it's a critical process, a blue screen appears.

## EnumAllHandles
This program enumerates all the handles from all the processes using a call to the native API NtQuerySystemInformation.

## ImpersonateNtlmNegotiation
This program is a client-server example of how a server can impersonate client through SSPI connections using ImpersonateSecurityContext.

## ImpersonationPipeLine
This program is a client-server example of how a server can impersonate client through named pipe connections using ImpersonateNamedPipeClient.

## Bypass Sysmon With Updating Rules
This project aims to bypass Sysmon's "16. Sysmon config states change" by directly sending update IOCTL to Sysmon's driver and as a result, completely bypasses Sysmon.