EvilBytecode / Evilbytecode-Gate
Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing ntoskrnl.exe for Zw-prefixed system calls.
☆18Updated 3 weeks ago
Alternatives and similar repositories for Evilbytecode-Gate:
Users that are interested in Evilbytecode-Gate are comparing it to the libraries listed below
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.☆30Updated 8 months ago
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich☆14Updated 8 months ago
- Small tool to play with IOCs caused by Imageload events☆42Updated last year
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python☆43Updated last year
- a demo module for the kaine agent to execute and inject assembly modules☆36Updated 6 months ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆70Updated last year
- A simple Nim stager (w/ fiber execution)☆16Updated 3 years ago
- ☆36Updated last week
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 2 years ago
- An example of COM hijacking using a proxy DLL.☆28Updated 3 years ago
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…☆10Updated 6 months ago
- havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets☆26Updated 6 months ago
- This exploit use PEB walk technique to resolve API calls dynamically, obfuscate all API calls to perform process injection.☆16Updated 7 months ago
- Research into removing strings & API call references at compile-time (Anti-Analysis)☆25Updated 9 months ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆41Updated last year
- Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping☆52Updated 2 years ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆15Updated 2 years ago
- API Hammering with C++20☆45Updated 2 years ago
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆42Updated last year
- Get your data from the resource section manually, with no need for windows apis☆58Updated 4 months ago
- A simple PE loader.☆26Updated 2 years ago
- Process Ghosting is a technique in which a process is created from a delete pending file. This means the created process is not backed by…☆14Updated 9 months ago
- Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH☆45Updated 3 years ago
- Unhook Ntdll.dll, Go & C++.☆19Updated 7 months ago
- Near compile-time string obfuscation for Golang☆13Updated last year
- Artemis - C++ Hell's Gate Syscall Implementation☆32Updated last year
- Reimplementation of the KExecDD DSE bypass technique.☆46Updated 5 months ago
- Simple and sane compression wrapper library.☆18Updated 2 years ago
- Load and execute a common object file format (COFF) in the current process☆27Updated 11 months ago