Dewera / Pluto
A manual system call library that supports functions from both ntdll.dll and win32u.dll
☆108Updated last year
Alternatives and similar repositories for Pluto:
Users that are interested in Pluto are comparing it to the libraries listed below
- A Proof-of-Concept implementation for Proxy Object Obfuscation in .NET☆45Updated 2 years ago
- .NET assembly local/remote loading/injection into memory.☆131Updated 5 years ago
- A C# port of the MinHook API hooking library☆208Updated 2 years ago
- Executing a .NET Assembly from C++ in Memory (CLR Hosting)☆188Updated 8 years ago
- SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections a…☆57Updated 2 years ago
- Packer compressing .net assemblies, (ab)using the PE format for data storage☆171Updated 2 years ago
- Small POC written in C# that performs shellcode injection on x64 processes using direct syscalls as a way to bypass user-land EDR hooks.☆82Updated 5 years ago
- A simple POC to demonstrate the power of .NET debugging for injection☆72Updated 4 years ago
- Easy XOR string encryption for NET based binaries☆133Updated last year
- A lightweight .NET assembly dependency merger that uses dnLib and 7zip's LZMA SDK for compressing dependant assemblies.☆96Updated 5 months ago
- A collection of weird ways to execute unmanaged code in .NET☆161Updated 3 years ago
- This project describes a technique how a NATIVE dynamic link library (DLL) can be loaded from memory (In C#) without storing it on the ha…☆72Updated 5 years ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆68Updated 5 years ago
- Obfuscate ECMA CIL (.NET IL) assemblies to evade Windows Defender AMSI☆232Updated last year
- Learning Process Injection and Hollowing techniques☆41Updated 2 years ago
- ☆20Updated 2 years ago
- C# library to load a native DLL from memory without the need to allow unsafe code☆90Updated 5 years ago
- Bare template for a Kernel Mode Driver☆51Updated 4 years ago
- A string obfuscator for .NET apps, built to evade static string analysis.☆101Updated 2 years ago
- PoC to demonstrate how CLR ETW events can be tampered.☆185Updated 4 years ago
- APC DLL Injector with NtQueueApcThread and wake up thread support☆42Updated 7 years ago
- Bringing kernel driver to C# with NativeAOT (Surpassed by https://github.com/ZeroLP/WDK.NET)☆45Updated 2 years ago
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆107Updated 3 years ago
- Run Processes as PPL with ELAM☆153Updated 2 years ago
- Runs programs as TrustedInstaller☆49Updated 5 years ago
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆214Updated 2 years ago
- Simple packer for arbitrary data using only .NET API calls. Produces a unique signature with every usage. Standalone program and library.…☆90Updated 5 years ago
- NINA: No Injection, No Allocation x64 Process Injection Technique☆195Updated 4 years ago
- Dump .net assembly from a native loader which uses ClrCreateinstance☆54Updated 2 years ago
- Transforms a .NET binary into a chain of meaningless-looking await expressions.☆68Updated last month