EvilBytecode / Nyx-Full-Dll-Unhook
(EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.
β19Updated 7 months ago
Alternatives and similar repositories for Nyx-Full-Dll-Unhook:
Users that are interested in Nyx-Full-Dll-Unhook are comparing it to the libraries listed below
- Unhook Ntdll.dll, Go & C++.β21Updated 8 months ago
- π‘οΈ A multi-user malleable C2 framework targeting Windows. Written in C++ and Pythonβ44Updated last year
- Windows C++ Implant for Exploration C2β28Updated last week
- Core Submodule of Exploration C2β15Updated last week
- Threadless injection via TLS callbacksβ16Updated 4 months ago
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system cβ¦β24Updated 6 months ago
- A Cobalt Strike payload generator and lateral movement aggressor script which places Beacon shellcode into a custom shellcode loaderβ19Updated 6 months ago
- a demo module for the kaine agent to execute and inject assembly modulesβ37Updated 6 months ago
- Classic Process Injection with Memory Evasion Techniques implemantationβ68Updated last year
- shellcode loader that uses indirect syscalls written in D Lang The loader bypasses user-mode hooks by resolving system calls manually froβ¦β9Updated 6 months ago
- converts sRDI compatible dlls to shellcodeβ22Updated 2 months ago
- Parent Process ID Spoofing, coded in CGo.β22Updated 8 months ago
- Proxy function calls through the thread pool with easeβ23Updated 3 weeks ago
- β20Updated last year
- β36Updated 2 years ago
- Section-based payload obfuscation technique for x64�β59Updated 7 months ago
- Ransomware written in go, encrypt - decrypt.β18Updated 8 months ago
- β25Updated 2 months ago
- Near compile-time string obfuscation for Golangβ13Updated last year
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.β46Updated last year
- Encode shellcode into dictionary words for evasion and entropy reductionβ23Updated 4 months ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process holβ¦β68Updated last year
- Simple PoC to locate hooked functions by EDR in ntdll.dllβ36Updated last year
- Cobalt Strike UDRL for memory scanner evasion.β48Updated last year
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.β62Updated last year
- Execute dotnet app from unmanaged processβ71Updated 2 months ago
- Creation and removal of Defender path exclusions and exceptions in C#.β30Updated last year
- Threadless shellcode injection toolβ63Updated 7 months ago
- Using LNK files and user input simulation to start processes under explorer.exeβ24Updated 6 months ago
- Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each functionβs name,β¦β11Updated 7 months ago