An implementation and proof-of-concept of Process Forking.

Overview

ForkPlayground

A library to implement the Process Forking attack described in this blog post.

ForkLib - C++ library that implements the Process Forking attack.

ForkDump - Proof-of-Concept application to create a memory dump of an arbitrary process using the ForkLib.

Usage

ForkDump.exe [dump file name] [target process ID]

dump file name - The name of the file to write the dump of the process to.

target process ID - The process ID of the process whose memory the tool should dump.

Download

ForkDump x64

ForkDump x86

Issues
  • Code execution

    Code execution

    I've been looking for an answer to this for a while. Do you have any idea as to why it is not possible to create a thread inside a process created by NtCreateProcess(Ex)? I guess unless it was created using a section handle or an executable etc... The raw creation of a process where a handle to the target or NULL is passed as ParentProcess doesn't allow a thread to be created.

    Thanks for the article https://billdemirkapi.me/abusing-windows-implementation-of-fork-for-stealthy-memory-operations/#forking-your-own-process

    opened by Ou7law007 0
Releases(1.0.0)
Owner
Bill Demirkapi
Offensive Security @ Zoom. Junior at the Rochester Institute of Technology into reversing malware, games, and making cheats. Any work here is my own.
Bill Demirkapi
CredBandit - Proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process and send that back through your already existing Beacon communication channel

CredBandit CredBandit is a proof of concept Beacon Object File (BOF) that uses static x64 syscalls to perform a complete in memory dump of a process a

anthemtotheego 161 Aug 5, 2022
Proof-of-concept implementation for the paper "Osiris: Automated Discovery of Microarchitectural Side Channels" (USENIX Security'21)

Osiris This repository contains the implementation of the Osiris framework discussed in the research paper "Osiris: Automated Discovery of Microarchit

CISPA 38 Aug 8, 2022
A refactored Proof-of-concept originally developed in 2017 to print all function calls with their arguments data types and values using Ptrace during program execution.

print-function-args-debugger A refactored Proof-of-concept originally developed in 2017 to print all function calls with their arguments data types an

*finixbit 15 Jun 17, 2022
Proof of concept userspace filesystem that executes filenames as shell commands and makes the result accessible though reading the file.

ExecFS Proof of concept userspace filesystem that executes filenames as shell commands and makes the result accessible though reading the file. $ ./ex

Camel Coder 28 Aug 5, 2022
Proof of concept Beacon Object File (BOF) that attempts to detect userland hooks in place by AV/EDR

Detect-Hooks Detect-Hooks is a proof of concept Beacon Object File (BOF) that attempts to detect userland API hooks in place by AV/EDR. The BOF will r

anthemtotheego 119 Jul 29, 2022
A small proof-of-concept for using disk devices for DMA on Windows.

ddma A small proof-of-concept for using disk devices for DMA on Windows. Why Some native hypervisors (i.e. Hyper-V) allow the guest unvirtualized devi

null 42 Jun 7, 2022
A proof-of-concept port of uxn to the STM32duino environment

ArdUxno-demo A quick-and-dirty proof-of-concept port of Devine Lu Linvega's amazing Uxn virtual stack machine to an STM32 microcontroller. uxn.c and u

Cass Smith 12 Feb 9, 2022
The Machinery IDL - Proof of Concept

The Machinery IDL - Proof of Concept This is a proof of concept for an Interface Description Language isomorphic with C for describing C11 ABI compati

null 6 Jul 21, 2022
CVE-2021-4034: Local Privilege Escalation in polkit's pkexec proof of concept

CVE-2021-4034 Proof of Concept Qualys researches found a pretty cool local privilege escalation vulnerability in Polkit's pkexec: writeup, tweet. This

Marco Bonelli 20 Jun 22, 2022
Proof of Concept (PoC) CVE-2021-4034

PwnKit-Exploit CVE-2021-4034 @c0br40x help to make this section in README!! Proof of Concept [email protected]:~/PwnKit-Exploit$ make cc -Wall exploit.

Luis Javier 51 Jul 16, 2022
Proof of Concept for CVE-2021-1585: Cisco ASA Device Manager RCE

staystaystay staystaystay is a proof of concept exploit for CVE-2021-1585, a man in the middle or evil endpoint RCE issue affecting Cisco ASA Device M

Jake Baines 8 Jun 23, 2022
Proof of Concept 'GeoPackage' to Arrow Converter

gpkg The goal of gpkg is to provide a proof-of-concept reader for SQLite queries into Arrow C Data interface structures. Installation You can install

Dewey Dunnington 8 May 20, 2022
EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and execute shellcode

HOLLOW - Cobalt Strike BOF Authors: Bobby Cooke (@0xBoku) Justin Hamilton (@JTHam0) Octavio Paguaga (@OakTree__) Matt Kingstone (@n00bRage) Beacon Obj

Bobby Cooke 190 Jul 27, 2022
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file

Process Ghosting This is my implementation of the technique presented by Gabriel Landau: https://www.elastic.co/blog/process-ghosting-a-new-executable

hasherezade 470 Aug 7, 2022
It's an 90 days challenge where all important concept of DSA I will be learning and solving using C++ or Java.

#90DaysDSA It's an 90 days challenge where all important concept of DSA I will be learning and solving using C++ or Java. Day 1 & 2 -> Space and Time

Priya_pp 1 Dec 11, 2021
Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe process

Custom HellsGate Implementation Assembly HellGate implementation that directly calls Windows System Calls and displays the PPID of the explorer.exe pr

Bobby Cooke 88 Jun 20, 2022
Future-proof NvENC & NvFBC patcher (Linux/Windows)

nvlax Future-proof NvENC & NvFBC patcher Requirements Working internet connection during configuration (i.e cloning does NOT include dependencies) CMa

Illyan Garte 89 Aug 2, 2022
A proof-of-oncept module adding real-time Wren support to Godot

Godot Wren Module This module adds a new node, called WrenManager, that allows for executing Wren code in Godot during runtime! Wren is a cool lightwe

null 3 Nov 28, 2021
Zero-Knowledge Proof Toolbox

Zkrypt是一个开源的C语言零知识证明算法库,旨在向用户提供简洁、高效的非交互式零知识证明协议接口,用户可以通过调用接口实现完整的零知识证明协议的流程,包括公共参数设置、证明生成和验证等步骤。 本项目由北京大学关志的密码学研究组开发维护。 特性 支持多种零知识证明协议(包括Groth16, Plo

Zhi Guan 13 Aug 10, 2022