EvilBytecode / Ntdll-UnhookLinks
Unhook Ntdll.dll, Go & C++.
☆27Updated 3 months ago
Alternatives and similar repositories for Ntdll-Unhook
Users that are interested in Ntdll-Unhook are comparing it to the libraries listed below
Sorting:
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆76Updated 11 months ago
- Section-based payload obfuscation technique for x64☆64Updated last year
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆61Updated last year
- Identifies LOLDrivers that are not blocked by the active HVCI policy — ideal for BYOVD scenarios.☆60Updated 2 weeks ago
- FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…☆26Updated 4 months ago
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity)☆51Updated last year
- Shellcode Loader Utilizing ETW Events☆64Updated 5 months ago
- Rewrite to fit my needs☆30Updated last year
- Windows NTLM hash dump utility written in C language, that supports Windows and Linux. Hashes can be dumped in realtime or from already s…☆63Updated last year
- Do some DLL SideLoading magic☆85Updated last year
- 「⚙️」Detect which native Windows API's (NtAPI) are being hooked☆38Updated 8 months ago
- Construct the payload at runtime using an array of offsets☆63Updated last year
- ☆35Updated 7 months ago
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆30Updated 6 months ago
- Early Bird Cryo Injections – APC-based DLL & Shellcode Injection via Pre-Frozen Job Objects☆100Updated 4 months ago
- Red Team Operation's Defense Evasion Technique.☆54Updated last year
- Splitting and executing shellcode across multiple pages☆102Updated 2 years ago
- Sleep Obfuscation☆45Updated 2 years ago
- shell code example☆61Updated 2 months ago
- ☆87Updated 11 months ago
- I have documented all of the AMSI patches that I learned till now☆73Updated 4 months ago
- ☆49Updated 3 weeks ago
- a simple poc showcasing the ability of an admin to suspend EDR's protected processes , making it useless☆38Updated last year
- Threadless shellcode injection tool☆66Updated last year
- ☆34Updated 4 months ago
- Version 2 - A modern 64-bit position independent meterpreter and Sliver compatible reverse_TCP Staging Shellcode based on Cracked5piders …☆103Updated 4 months ago
- converts sRDI compatible dlls to shellcode☆30Updated 6 months ago
- lsassdump via RtlCreateProcessReflection and NanoDump☆83Updated 9 months ago
- ☆56Updated 9 months ago
- Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies☆37Updated last month