NimHollow – Nim Implementation Of Process Hollowing Using Syscalls (PoC)

Playing around with the Process Hollowing technique using Nim.

Features:

- Direct syscalls for triggering Windows Native API functions with NimlineWhispers.
- Shellcode encryption/decryption with AES in CTR mode.
- Simple sandbox detection methods from the OSEP course by @offensive-security.
- AMSI patching with @rasta-mouse’s method is also inside (uncomment it for your needs).

Usage

Installation:

~$ git clone