EvilBytecode / Evilbytecode-GateLinks
Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing ntoskrnl.exe for Zw-prefixed system calls.
☆26Updated 9 months ago
Alternatives and similar repositories for Evilbytecode-Gate
Users that are interested in Evilbytecode-Gate are comparing it to the libraries listed below
Sorting:
- havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets☆43Updated last year
- API Hammering with C++20☆49Updated 3 years ago
- An example of COM hijacking using a proxy DLL.☆43Updated 4 years ago
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.☆33Updated last year
- Remap ntdll.dll using only NTAPI functions with a suspended process☆27Updated 9 months ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated 2 years ago
- Splitting and executing shellcode across multiple pages☆102Updated 2 years ago
- a stage1 DLL loader with sleep obfuscation☆36Updated 3 years ago
- ☆38Updated 9 months ago
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆81Updated 7 months ago
- Reports on Driver, LSASS and other security services mitigations☆33Updated 5 months ago
- ☆30Updated 4 months ago
- Your NTDLL vaccine from modern direct syscall methods.☆36Updated 3 years ago
- Research into removing strings & API call references at compile-time (Anti-Analysis)☆28Updated last year
- Callstack spoofing using a VEH because VEH all the things.☆23Updated 10 months ago
- Hooked create process injection for meterpreter☆23Updated 4 years ago
- Small tool to play with IOCs caused by Imageload events☆44Updated 2 years ago
- Simple PoC to locate hooked functions by EDR in ntdll.dll☆46Updated 2 years ago
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…☆15Updated 9 months ago
- ☆42Updated 11 months ago
- Demoting PPL anti-malware services to less than a guest user☆65Updated 11 months ago
- Next gen process injection technique☆54Updated 5 years ago
- RunPE adapted for x64 and written in C, does not use RWX☆28Updated last year
- This project is an EDRSandblast fork, adding some features and custom pieces of code.☆25Updated 2 years ago
- Shadow Rebirth - An Aggressive Outbreak Anti-Debugging Technique☆19Updated last year
- Process Ghosting is a technique in which a process is created from a delete pending file. This means the created process is not backed by…☆16Updated last year
- DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable☆58Updated 2 years ago
- Windows AppLocker Driver (appid.sys) LPE☆71Updated last year
- Thats it! An Open-Source Windows UEFI Rootkit☆27Updated 6 months ago
- ☆31Updated last year