Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing ntoskrnl.exe for Zw-prefixed system calls.
☆26Apr 21, 2025Updated 10 months ago
Alternatives and similar repositories for Evilbytecode-Gate
Users that are interested in Evilbytecode-Gate are comparing it to the libraries listed below
Sorting:
- Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I do…☆12Apr 21, 2025Updated 10 months ago
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…☆15Apr 21, 2025Updated 10 months ago
- HardwareTurningPoint, Fully Go Compatible Hardware Breakpoint☆16Jan 30, 2025Updated last year
- PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified …☆19May 8, 2025Updated 9 months ago
- ☆21Jan 8, 2026Updated last month
- Utilizing DLang For Offensive Operations.☆14May 29, 2025Updated 9 months ago
- Bypassing Major EDR's with staged shellcode, custom getmodulehandleW and getprocaddress, veh syscalls & more.☆26Apr 21, 2025Updated 10 months ago
- Parent Process ID Spoofing, coded in CGo.☆24Apr 21, 2025Updated 10 months ago
- Kill malawarebytes process. Can be ported to any programming language.☆12Apr 21, 2025Updated 10 months ago
- ☆36Nov 8, 2024Updated last year
- extract chromium-based browser's cookies using chrome's remote debugging without admin rights☆22Nov 3, 2024Updated last year
- Ransomware written in go, encrypt - decrypt.☆30Apr 27, 2025Updated 10 months ago
- A malicous Golang Package☆15Apr 21, 2025Updated 10 months ago
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH☆136Aug 31, 2025Updated 5 months ago
- golang decryption poc of the new app bound encryption introduced in chrome version 127.☆22Nov 4, 2024Updated last year
- Measures average CPU cycles for the CPUID instruction to detect if the code is running in a VM by comparing against a threshold.☆21Apr 21, 2025Updated 10 months ago
- Pattern-based AMSI bypass that patches AMSI.dll in memory by modifying comparison values, conditional jumps, and function prologues to ne…☆27May 13, 2025Updated 9 months ago
- NailaoLoader: Hiding Execution Flow via Patching☆22Feb 27, 2025Updated last year
- A 64 bit executable junk code engine for polymorphic malware.☆76Jun 16, 2025Updated 8 months ago
- Examples how to use a Assm (Assembly) in a go.☆23Apr 21, 2025Updated 10 months ago
- ☆10Jul 1, 2023Updated 2 years ago
- Cobalt Strike UDRL for memory scanner evasion.☆52Dec 4, 2023Updated 2 years ago
- Go Shellcode Loader to be Integrated in Exploration C2☆27Feb 7, 2025Updated last year
- Detect BypassUAC using AMSI☆29Feb 18, 2025Updated last year
- A tool written in golang which compress using UPX and patch it with the provided PE file to make "UPX -d" flag impossible to decompress a…☆28Jan 2, 2025Updated last year
- 使用kcp实现的socks5正向代理☆12Dec 9, 2023Updated 2 years ago
- the first BlankOBFv2 deobfuscator made in python☆10Jun 19, 2024Updated last year
- Bypasses AMSI protection through remote memory patching and parsing technique.☆54May 12, 2025Updated 9 months ago
- Discord HTTP requests interception POC, including backup codes requests, for educational purposes only.☆25Jul 11, 2024Updated last year
- This is way to load a shellcode, and obfuscate it, so it avoids scantime detection.☆92Apr 27, 2025Updated 10 months ago
- Windows C++ Implant for Exploration C2☆44Jan 26, 2026Updated last month
- Indirect Syscall with TartarusGate Approach in Go☆134Jul 8, 2025Updated 7 months ago
- Eset-Unload is a C++ tool that interacts with a process's loaded modules to identify and unload the ebehmoni.dll module, typically found …☆12Apr 21, 2025Updated 10 months ago
- 💎 | RubyRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Ruby☆10Apr 21, 2025Updated 10 months ago
- A tool designed to hook into Windows applications and output named (and anonymous?) pipe traffic.☆15Feb 27, 2024Updated 2 years ago
- Malware development in Go, learn today, anti dynamic analysis & Static & sandboxes.☆15Apr 21, 2025Updated 10 months ago
- Near compile-time string obfuscation for Golang☆13Oct 3, 2023Updated 2 years ago
- Reverse engineering malware samples☆16Dec 3, 2021Updated 4 years ago
- Lifetime AMSI bypass.☆36Apr 21, 2025Updated 10 months ago