EvilBytecode / SsnRetrieval
Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name, SSN, and address.
☆9Updated 3 months ago
Related projects ⓘ
Alternatives and complementary repositories for SsnRetrieval
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.☆16Updated 3 months ago
- Ransomware written in go, encrypt - decrypt.☆15Updated 4 months ago
- Unhook Ntdll.dll, Go & C++.☆14Updated 4 months ago
- C# API for Nidhogg rootkit☆16Updated 6 months ago
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python☆40Updated 8 months ago
- convert compatible dlls to shellcode with sRDI. I don't remember where this came from, so if you recognize the code, let me know and I'll…☆12Updated 7 months ago
- GetSyscallStubCGo.☆9Updated 3 months ago
- A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using Instrumentation…☆22Updated last year
- Parent Process ID Spoofing, coded in CGo.☆21Updated 4 months ago
- A simple rpc2socks alternative in pure Go.☆24Updated 4 months ago
- run process as PPL Antimalware☆11Updated last year
- A simple website to act as a store for havoc modules and extensions☆22Updated 6 months ago
- Demonstration of Early Bird APC Injection - MITRE ID T1055.004☆30Updated last year
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…☆22Updated 2 months ago
- An advanced shellcode loader with many builtin features☆13Updated last year
- A utility that can be used to launch an executable with a DLL injected☆19Updated last year
- Executes shellcode from a remote server and aims to evade in-memory scanners☆30Updated 5 years ago
- Cobalt Strike Beacon Object File to enable the webdav client service on x64 windows hosts☆17Updated last year
- In-memory hiding technique☆42Updated 5 months ago
- Golang Implementation of Hell's gate☆15Updated last year
- Mythic C2 Agent written in x64 PIC C☆26Updated this week
- This project is an EDRSandblast fork, adding some features and custom pieces of code.☆21Updated last year
- A malicous Golang Package☆10Updated 4 months ago
- A mechanism that trampoline hooks functions in x86/x64 systems.☆20Updated last month
- a demo module for the kaine agent to execute and inject assembly modules☆37Updated 2 months ago
- Research into removing strings & API call references at compile-time (Anti-Analysis)☆24Updated 5 months ago
- ☆12Updated 3 months ago
- ☆21Updated 6 months ago
- Load and execute a common object file format (COFF) in the current process☆25Updated 8 months ago
- ☆27Updated 4 months ago