EvilBytecode / Evilbytecode-Gate
Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing ntoskrnl.exe for Zw-prefixed system calls.
☆20Updated 2 months ago
Alternatives and similar repositories for Evilbytecode-Gate:
Users that are interested in Evilbytecode-Gate are comparing it to the libraries listed below
- Remap ntdll.dll using only NTAPI functions with a suspended process☆21Updated last week
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.☆31Updated 10 months ago
- havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets☆27Updated 8 months ago
- An example of COM hijacking using a proxy DLL.☆28Updated 3 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 3 years ago
- API Hammering with C++20☆46Updated 2 years ago
- Research into removing strings & API call references at compile-time (Anti-Analysis)☆25Updated 10 months ago
- Small tool to play with IOCs caused by Imageload events☆42Updated last year
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python☆44Updated last year
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich☆16Updated 9 months ago
- RunPE adapted for x64 and written in C, does not use RWX☆25Updated 11 months ago
- Callstack spoofing using a VEH because VEH all the things.☆21Updated last month
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated last year
- Unhook Ntdll.dll, Go & C++.☆21Updated this week
- AIDA64DRIVER Elevation of Privilege Vulnerability☆13Updated 5 months ago
- a demo module for the kaine agent to execute and inject assembly modules☆37Updated 7 months ago
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆71Updated this week
- Self Delete DLL☆23Updated last year
- Reimplementation of the KExecDD DSE bypass technique.☆47Updated 7 months ago
- This exploit use PEB walk technique to resolve API calls dynamically, obfuscate all API calls to perform process injection.☆17Updated 8 months ago
- ☆12Updated last year
- Just another casual shellcode native loader☆24Updated 3 years ago
- ☆29Updated 4 months ago
- A simple PE loader.☆25Updated 2 years ago
- Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits☆28Updated 2 years ago
- Bypass UAC elevation on Windows 8 (build 9600) & above.☆54Updated 2 years ago
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆45Updated last year
- Process Injection: APC Injection☆29Updated 4 years ago
- ☆38Updated 2 months ago
- A simple Linux in-memory .so loader☆30Updated 2 years ago