EvilBytecode / SsnRetrieval
Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name, SSN, and address.
☆11Updated 7 months ago
Alternatives and similar repositories for SsnRetrieval:
Users that are interested in SsnRetrieval are comparing it to the libraries listed below
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.☆19Updated 8 months ago
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…☆20Updated last month
- Unhook Ntdll.dll, Go & C++.☆21Updated 8 months ago
- Parent Process ID Spoofing, coded in CGo.☆22Updated 9 months ago
- run process as PPL Antimalware☆10Updated last year
- Near compile-time string obfuscation for Golang☆13Updated last year
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.☆30Updated 9 months ago
- NailaoLoader: Hiding Execution Flow via Patching☆19Updated last month
- ☆25Updated 2 months ago
- shellcode loader that uses indirect syscalls written in D Lang The loader bypasses user-mode hooks by resolving system calls manually fro…☆9Updated 6 months ago
- a demo module for the kaine agent to execute and inject assembly modules☆38Updated 7 months ago
- command control framework☆20Updated this week
- Golang Implementation of Hell's gate☆17Updated last year
- A simple BOF (Beacon Object File) to search files in the system☆12Updated last year
- ☆21Updated 11 months ago
- GetSyscallStubCGo.☆10Updated 7 months ago
- Less sugar (entropy) for your binaries☆17Updated last week
- In-memory hiding technique☆47Updated 2 months ago
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆44Updated last year
- Some anti-sandbox techniques implemented in Golang.☆10Updated last year
- C# API for Nidhogg rootkit☆17Updated 11 months ago
- Modified Version of Melkor @FuzzySecurity capable of creating disposable AppDomains in injected processes.☆27Updated 3 years ago
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python☆44Updated last year
- Load and execute a common object file format (COFF) in the current process☆28Updated last year
- Beacon Debugger☆40Updated 5 months ago
- This project is an EDRSandblast fork, adding some features and custom pieces of code.☆22Updated last year
- Ntdll Unhooking POC☆19Updated 2 years ago
- Proxy function calls through the thread pool with ease☆23Updated last month
- ☆37Updated last month
- ☆16Updated 7 months ago