EvilBytecode / SsnRetrieval
Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name, SSN, and address.
☆11Updated 2 weeks ago
Alternatives and similar repositories for SsnRetrieval:
Users that are interested in SsnRetrieval are comparing it to the libraries listed below
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll.☆18Updated 2 weeks ago
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…☆20Updated 2 weeks ago
- Parent Process ID Spoofing, coded in CGo.☆21Updated 2 weeks ago
- ☆27Updated 3 months ago
- Remap ntdll.dll using only NTAPI functions with a suspended process☆21Updated 3 weeks ago
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python☆44Updated last year
- a demo module for the kaine agent to execute and inject assembly modules☆38Updated 8 months ago
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.☆31Updated 10 months ago
- How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function.☆13Updated 2 weeks ago
- run process as PPL Antimalware☆10Updated last year
- ☆38Updated 2 months ago
- Unhook Ntdll.dll, Go & C++.☆21Updated 2 weeks ago
- A simple BOF (Beacon Object File) to search files in the system☆14Updated last year
- GetSyscallStubCGo.☆10Updated 2 weeks ago
- Near compile-time string obfuscation for Golang☆13Updated last year
- Golang Implementation of Hell's gate☆17Updated last year
- Proxy function calls through the thread pool with ease☆25Updated 2 months ago
- 💎 | RubyRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Ruby☆9Updated 2 weeks ago
- ☆30Updated 3 weeks ago
- ☆17Updated 2 months ago
- An In-memory Embedding of CPython☆28Updated 3 years ago
- NailaoLoader: Hiding Execution Flow via Patching☆20Updated 2 months ago
- A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …☆49Updated 3 months ago
- AIDA64DRIVER Elevation of Privilege Vulnerability☆13Updated 6 months ago
- BOF for C2 framework☆41Updated 5 months ago
- Load and execute a common object file format (COFF) in the current process☆28Updated last year
- Windows C++ Implant for Exploration C2☆29Updated last month
- Modified Version of Melkor @FuzzySecurity capable of creating disposable AppDomains in injected processes.☆28Updated 3 years ago
- Less sugar (entropy) for your binaries☆20Updated last month
- A powerful Windows UI monitoring and DNS exfiltration tool written in Rust, combining advanced UI event capture capabilities with secure …☆14Updated 2 months ago