EvilBytecode / Nyx-Full-Dll-Unhook
(EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.
☆15Updated 3 months ago
Related projects ⓘ
Alternatives and complementary repositories for Nyx-Full-Dll-Unhook
- Unhook Ntdll.dll, Go & C++.☆13Updated 4 months ago
- Ransomware written in go, encrypt - decrypt.☆15Updated 4 months ago
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…☆22Updated 2 months ago
- A collection of red team techniques.☆14Updated this week
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆67Updated 9 months ago
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python☆41Updated 8 months ago
- Threadless injection via TLS callbacks☆15Updated this week
- C# API for Nidhogg rootkit☆16Updated 6 months ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆55Updated last year
- Using LNK files and user input simulation to start processes under explorer.exe☆23Updated 2 months ago
- Parent Process ID Spoofing, coded in CGo.☆21Updated 4 months ago
- Section-based payload obfuscation technique for x64☆58Updated 3 months ago
- A simple PoC of injection shellcode into a remote process and get the output using namepipe☆37Updated 10 months ago
- TypeLib persistence technique☆75Updated last month
- DLL Hijacking and Mock directories technique to bypass Windows UAC security feature and getting high-level privileged reverse shell. Secu…☆37Updated 6 months ago
- ☆37Updated last month
- stack spoofing☆55Updated this week
- Classic Process Injection with Memory Evasion Techniques implemantation☆63Updated last year
- UAC Bypass via CMUACUtil & PEB Enumeration, Undetected for now.☆44Updated 6 months ago
- Indirect NT syscalls LSASS dumper.☆36Updated last year
- Windows AppLocker Driver (appid.sys) LPE☆36Updated 3 months ago
- Explorer Persistence technique : Hijacking cscapi.dll order loading path and writing our malicious dll into C:\Windows\cscapi.dll , when …☆77Updated last year
- A simple BOF (Beacon Object File) to search files in the system☆11Updated 11 months ago
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆42Updated 8 months ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆58Updated 8 months ago
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆39Updated 11 months ago
- convert compatible dlls to shellcode with sRDI. I don't remember where this came from, so if you recognize the code, let me know and I'll…☆12Updated 7 months ago