Unhook Ntdll.dll, Go & C++.
β33Apr 21, 2025Updated 10 months ago
Alternatives and similar repositories for Ntdll-Unhook
Users that are interested in Ntdll-Unhook are comparing it to the libraries listed below
Sorting:
- π | RubyRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Rubyβ10Apr 21, 2025Updated 10 months ago
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.β51May 22, 2025Updated 9 months ago
- A mutliple tactics to execute shellcode in go :}β24Apr 21, 2025Updated 10 months ago
- Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I doβ¦β12Apr 21, 2025Updated 10 months ago
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each functionβs name,β¦β15Apr 21, 2025Updated 10 months ago
- A malicous Golang Packageβ15Apr 21, 2025Updated 10 months ago
- A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal builder.β85Sep 27, 2025Updated 5 months ago
- Measures average CPU cycles for the CPUID instruction to detect if the code is running in a VM by comparing against a threshold.β22Apr 21, 2025Updated 10 months ago
- Ransomware written in go, encrypt - decrypt.β30Apr 27, 2025Updated 10 months ago
- β18Oct 8, 2024Updated last year
- Enable-All-Tokens is a Go-based project designed to adjust and enable a list of specified privileges for the current process token on a Wβ¦β10Apr 21, 2025Updated 10 months ago
- Bypasses AMSI protection through remote memory patching and parsing technique.β55May 12, 2025Updated 10 months ago
- VBS-Obfuscator-GO is a Go-based tool designed for obfuscating VBScript (VBS) files. It transforms readable VBScript code into a less recoβ¦β38Apr 21, 2025Updated 10 months ago
- This is way to load a shellcode, and obfuscate it, so it avoids scantime detection.β95Apr 27, 2025Updated 10 months ago
- Golang Implementation of Hell's gateβ21May 31, 2023Updated 2 years ago
- β26Aug 11, 2025Updated 7 months ago
- Kill malawarebytes process. Can be ported to any programming language.β12Apr 21, 2025Updated 10 months ago
- Mass malicious script dump/Malware src dumpβ16Nov 25, 2016Updated 9 years ago
- Backport of SliverStager to work with DotNetToJScript for vbaβ17Aug 9, 2024Updated last year
- Eset-Unload is a C++ tool that interacts with a process's loaded modules to identify and unload the ebehmoni.dll module, typically found β¦β12Apr 21, 2025Updated 10 months ago
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flowβ18Jun 26, 2025Updated 8 months ago
- A PowerShell malware that disables all the Windows Security features with UAC Bypass and Anti-VM features. (Designed to work both as a poβ¦β46May 24, 2025Updated 9 months ago
- Preventing 3rd Party DLLs from Injecting into your Malwareβ25Aug 31, 2021Updated 4 years ago
- β13May 21, 2025Updated 9 months ago
- Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driverβ294Apr 21, 2025Updated 10 months ago
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsingβ¦β26Apr 21, 2025Updated 10 months ago
- Two in one, patch lifetime powershell console, no more etw and amsi!β103Apr 27, 2025Updated 10 months ago
- β21Jan 8, 2026Updated 2 months ago
- β33Jan 23, 2025Updated last year
- A fucking real shellcode loader with a GUI. Work-in-Progress.β82Jun 25, 2025Updated 8 months ago
- GenZ Shellcode Generator to execute commands with winExec APIβ22Apr 27, 2025Updated 10 months ago
- Pattern-based AMSI bypass that patches AMSI.dll in memory by modifying comparison values, conditional jumps, and function prologues to neβ¦β28May 13, 2025Updated 10 months ago
- PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified β¦β19May 8, 2025Updated 10 months ago
- Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetryβ460Aug 2, 2024Updated last year
- Hunting and injecting RWX 'mockingjay' DLLs in pure nimβ60Dec 11, 2024Updated last year
- MacInjector is a tool that lists macOS applications, checks code-signing vulnerabilities, and injects a dynamic library (dylib) into a vu�β¦β17Oct 8, 2025Updated 5 months ago
- A runtime for developing large-scale and complex shellcode.β22Mar 3, 2026Updated 2 weeks ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR β¦β301Jul 31, 2024Updated last year
- HookDetectionβ45Sep 3, 2021Updated 4 years ago