0xPrimo / Ntdll-Unhooking
Ntdll Unhooking
☆12 Updated 2 months ago
Alternatives and similar repositories for Ntdll-Unhooking
Users that are interested in Ntdll-Unhooking are comparing it to the libraries listed below
- ☆27 Updated 5 months ago
- Less sugar (entropy) for your binaries ☆25 Updated 3 months ago
- A (quite) simple steganography algorithm to hide shellcodes within bitmap image. ☆21 Updated last year
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader ☆50 Updated last year
- NailaoLoader: Hiding Execution Flow via Patching ☆21 Updated 3 months ago
- Simple PoC to locate hooked functions by EDR in ntdll.dll ☆36 Updated last year
- 💎 | RubyRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Ruby ☆10 Updated 2 months ago
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler. ☆31 Updated last year
- Beacon Debugger ☆40 Updated 7 months ago
- A 64 bit executable junk code engine for polymorphic malware. ☆43 Updated last week
- A bunch of shenanigans using functions, VEH and more ☆24 Updated 2 weeks ago
- EmbedExeLnk by x86matthew modified by d4rkiZ ☆42 Updated 2 years ago
- This project is an EDRSandblast fork, adding some features and custom pieces of code. ☆23 Updated last year
- PoC for a Havoc agent/handler setup with all C2 traffic routed through GitHub. No direct connections: all commands and responses are rela… ☆24 Updated last week
- ☆30 Updated 3 months ago
- Unhook Ntdll.dll, Go & C++. ☆24 Updated 2 months ago
- converts sRDI compatible dlls to shellcode ☆29 Updated 5 months ago
- BypassCredGuard CS BOF ☆42 Updated 5 months ago
- How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function. ☆19 Updated 2 months ago
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi… ☆18 Updated 2 years ago
- a demo module for the kaine agent to execute and inject assembly modules ☆38 Updated 9 months ago
- ☆54 Updated 2 years ago
- A simple BOF (Beacon Object File) to search files in the system ☆14 Updated last year
- Modified Version of Melkor @FuzzySecurity capable of creating disposable AppDomains in injected processes. ☆28 Updated 3 years ago
- Eset-Unload is a C++ tool that interacts with a process's loaded modules to identify and unload the ebehmoni.dll module, typically found … ☆10 Updated 2 months ago
- Proxy function calls through the thread pool with ease ☆28 Updated 3 months ago
- Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process ☆45 Updated 2 years ago
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries ☆30 Updated 4 months ago
- Using LNK files and user input simulation to start processes under explorer.exe ☆25 Updated 9 months ago
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c… ☆24 Updated 9 months ago