EvilBytecode / Nyx-Full-Dll-Unhook
(EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.
☆19 Updated 8 months ago
Alternatives and similar repositories for Nyx-Full-Dll-Unhook:
Users that are interested in Nyx-Full-Dll-Unhook are comparing it to the libraries listed below
- RubyRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Ruby ☆10 Updated 9 months ago
- Unhook Ntdll.dll, Go & C++. ☆21 Updated this week
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c… ☆24 Updated 7 months ago
- Core Submodule of Exploration C2 ☆16 Updated 2 weeks ago
- A simple BOF (Beacon Object File) to search files in the system ☆13 Updated last year
- ☆27 Updated 3 months ago
- Parent Process ID Spoofing, coded in CGo. ☆22 Updated 9 months ago
- Windows C++ Implant for Exploration C2 ☆29 Updated last month
- EmbedExeLnk by x86matthew modified by d4rkiZ ☆40 Updated last year
- A multi-user malleable C2 framework targeting Windows. Written in C++ and Python ☆44 Updated last year
- Change hash for a signed pe ☆16 Updated last year
- shellcode loader that uses indirect syscalls written in D Lang. The loader bypasses user-mode hooks by resolving system calls manually fro… ☆9 Updated this week
- Proxy function calls through the thread pool with ease ☆25 Updated last month
- ☆36 Updated 2 years ago
- Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when … ☆83 Updated 2 years ago
- converts sRDI compatible dlls to shellcode ☆23 Updated 3 months ago
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re… ☆23 Updated last year
- Encode shellcode into dictionary words for evasion and entropy reduction ☆25 Updated 5 months ago
- Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process ☆44 Updated 2 years ago
- How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function. ☆13 Updated last month
- BypassCredGuard CS BOF ☆38 Updated 3 months ago
- a demo module for the kaine agent to execute and inject assembly modules ☆37 Updated 7 months ago
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level. ☆47 Updated last year
- Threadless shellcode injection tool ☆63 Updated 8 months ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol… ☆69 Updated last year
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader ☆45 Updated last year
- Execute dotnet app from unmanaged process ☆73 Updated 3 months ago
- Classic Process Injection with Memory Evasion Techniques implementation ☆69 Updated last year
- Cobalt Strike UDRL for memory scanner evasion. ☆50 Updated last year
- Artemis - C++ Hell's Gate Syscall Implementation ☆32 Updated last year