EvilBytecode / Evilbytecode-GateLinks
Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing ntoskrnl.exe for Zw-prefixed system calls.
☆26Updated 9 months ago
Alternatives and similar repositories for Evilbytecode-Gate
Users that are interested in Evilbytecode-Gate are comparing it to the libraries listed below
Sorting:
- havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets☆42Updated last year
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.☆33Updated last year
- Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2☆13Updated 2 years ago
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…☆15Updated 9 months ago
- API Hammering with C++20☆49Updated 3 years ago
- Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I do…☆12Updated 9 months ago
- Remap ntdll.dll using only NTAPI functions with a suspended process☆27Updated 9 months ago
- Research into removing strings & API call references at compile-time (Anti-Analysis)☆28Updated last year
- ☆30Updated 5 months ago
- Reports on Driver, LSASS and other security services mitigations☆34Updated 5 months ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated 2 years ago
- Standalone Metasploit-like XOR encoder for shellcode☆50Updated last year
- An example of COM hijacking using a proxy DLL.☆43Updated 4 years ago
- Callstack spoofing using a VEH because VEH all the things.☆23Updated 10 months ago
- Shadow Rebirth - An Aggressive Outbreak Anti-Debugging Technique☆19Updated last year
- Hooked create process injection for meterpreter☆23Updated 4 years ago
- ☆11Updated 2 years ago
- Reimplementation of the KExecDD DSE bypass technique.☆57Updated last year
- Splitting and executing shellcode across multiple pages☆103Updated 2 years ago
- ☆42Updated 11 months ago
- ☆60Updated 3 months ago
- Your NTDLL vaccine from modern direct syscall methods.☆36Updated 3 years ago
- Next gen process injection technique☆54Updated 5 years ago
- ☆35Updated 2 years ago
- A Bumblebee-inspired Crypter☆80Updated 3 years ago
- Thats it! An Open-Source Windows UEFI Rootkit☆28Updated 6 months ago
- Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a…☆92Updated 7 months ago
- Various methods of executing shellcode☆73Updated 2 years ago
- RunPE adapted for x64 and written in C, does not use RWX☆28Updated last year
- using the gpu to hide your payload☆63Updated 3 years ago