Unhook Ntdll.dll, Go & C++.
β33Apr 21, 2025Updated 10 months ago
Alternatives and similar repositories for Ntdll-Unhook
Users that are interested in Ntdll-Unhook are comparing it to the libraries listed below
Sorting:
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.β51May 22, 2025Updated 9 months ago
- π | RubyRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Rubyβ10Apr 21, 2025Updated 10 months ago
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each functionβs name,β¦β15Apr 21, 2025Updated 10 months ago
- Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I doβ¦β12Apr 21, 2025Updated 10 months ago
- A mutliple tactics to execute shellcode in go :}β23Apr 21, 2025Updated 10 months ago
- A malicous Golang Packageβ15Apr 21, 2025Updated 10 months ago
- A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal builder.β84Sep 27, 2025Updated 5 months ago
- Bypasses AMSI protection through remote memory patching and parsing technique.β54May 12, 2025Updated 9 months ago
- β26Aug 11, 2025Updated 6 months ago
- Golang Implementation of Hell's gateβ21May 31, 2023Updated 2 years ago
- GenZ Shellcode Generator to execute commands with winExec APIβ22Apr 27, 2025Updated 10 months ago
- A cheatsheet and mindmap for CRTO certificationβ14Mar 22, 2023Updated 2 years ago
- ATL.dll and WmiMgmt.msc UAC Bypassβ12Apr 26, 2025Updated 10 months ago
- Awesome list of Living off the Land (LOL) methods, tools, and features commonly abused by attackersβ34Apr 2, 2025Updated 10 months ago
- β33Jan 23, 2025Updated last year
- Native Shellcode Injector Via Handle Hijacking & Pool Party.β13Apr 11, 2024Updated last year
- Backport of SliverStager to work with DotNetToJScript for vbaβ16Aug 9, 2024Updated last year
- this is a simple shell that has the ability to bypass defensesβ13May 24, 2024Updated last year
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flowβ18Jun 26, 2025Updated 8 months ago
- helper encrypt dataβ10Jun 2, 2021Updated 4 years ago
- Mass malicious script dump/Malware src dumpβ16Nov 25, 2016Updated 9 years ago
- Attack Active Directory Trusts with a single toolβ14Jan 15, 2025Updated last year
- Advanced shellcode injector for images supports BMP, GIF, EXIF (JPEG), and LSB (PNG) techniques. Includes XOR encoding, offset indexing, β¦β25Jun 11, 2025Updated 8 months ago
- The command prompt has been disabled by your administratorβ42May 18, 2023Updated 2 years ago
- This is way to load a shellcode, and obfuscate it, so it avoids scantime detection.β92Apr 27, 2025Updated 10 months ago
- A fucking real shellcode loader with a GUI. Work-in-Progress.β82Jun 25, 2025Updated 8 months ago
- Ransomware written in go, encrypt - decrypt.β30Apr 27, 2025Updated 10 months ago
- Eset-Unload is a C++ tool that interacts with a process's loaded modules to identify and unload the ebehmoni.dll module, typically found β¦β12Apr 21, 2025Updated 10 months ago
- havoc2nginx is a simple python script that converts Havoc Framework's yaotl malleable c2 profile to Nginx configuration file format. Mostβ¦β12May 8, 2023Updated 2 years ago
- β12May 21, 2025Updated 9 months ago
- β21Jan 8, 2026Updated last month
- PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified β¦β19May 8, 2025Updated 9 months ago
- β22Aug 16, 2025Updated 6 months ago
- ZoomBotC2 is a stealthy Command and Control (C2) framework that leverages Zoom's API endpoints for covert communication between implants β¦β56Jun 30, 2025Updated 7 months ago
- Aggressor script to automatically download and load an arsenal of open source and private Cobalt Strike tooling.β45Aug 16, 2024Updated last year
- Hunting and injecting RWX 'mockingjay' DLLs in pure nimβ59Dec 11, 2024Updated last year
- A tool to abuse weak permissions of Active Directory Discretionary Access Control Lists (DACLs) and Access Control Entries (ACEs)β61Feb 4, 2026Updated 3 weeks ago
- VBS-Obfuscator-GO is a Go-based tool designed for obfuscating VBScript (VBS) files. It transforms readable VBScript code into a less recoβ¦β38Apr 21, 2025Updated 10 months ago
- Broctl plugin for automatically executing 'setcap' on each node after an installβ13Dec 18, 2020Updated 5 years ago