EvilBytecode / Evilbytecode-GateLinks
Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing ntoskrnl.exe for Zw-prefixed system calls.
☆23Updated 4 months ago
Alternatives and similar repositories for Evilbytecode-Gate
Users that are interested in Evilbytecode-Gate are comparing it to the libraries listed below
Sorting:
- API Hammering with C++20☆49Updated 3 years ago
- ☆35Updated 4 months ago
- havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets☆31Updated last year
- Eset-Unload is a C++ tool that interacts with a process's loaded modules to identify and unload the ebehmoni.dll module, typically found …☆11Updated 4 months ago
- Callstack spoofing using a VEH because VEH all the things.☆23Updated 5 months ago
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.☆31Updated last year
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…☆12Updated 4 months ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated 2 years ago
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆79Updated 2 months ago
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 3 years ago
- Remap ntdll.dll using only NTAPI functions with a suspended process☆25Updated 4 months ago
- ☆32Updated last year
- Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2☆13Updated 2 years ago
- Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver☆50Updated last year
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python☆45Updated last year
- Reimplementation of the KExecDD DSE bypass technique.☆53Updated 11 months ago
- ☆27Updated last month
- Standalone Metasploit-like XOR encoder for shellcode☆48Updated last year
- a stage1 DLL loader with sleep obfuscation☆37Updated 2 years ago
- A C# implementation that disables Windows Firewall bypassing UAC☆15Updated 10 months ago
- a demo module for the kaine agent to execute and inject assembly modules☆40Updated 11 months ago
- Exploiting the KsecDD Windows driver through Server Silos☆73Updated 9 months ago
- ☆11Updated 2 years ago
- Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I do…☆11Updated 4 months ago
- Linux Sleep Obfuscation☆105Updated last year
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich☆17Updated last year
- Obfuscate payloads using IPv4, IPv6, MAC or UUID strings☆20Updated last year
- idk man this was the default github name☆35Updated 2 years ago
- Hooked create process injection for meterpreter☆23Updated 4 years ago
- A simple Linux in-memory .so loader☆30Updated 2 years ago