EvilBytecode / SsnRetrieval
Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name, SSN, and address.
☆10 · Updated 3 months ago
Related projects
Alternatives and complementary repositories for SsnRetrieval
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll. ☆16 · Updated 3 months ago
- run process as PPL Antimalware ☆11 · Updated last year
- GetSyscallStubCGo. ☆10 · Updated 3 months ago
- Unhook Ntdll.dll, Go & C++. ☆14 · Updated 4 months ago
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python ☆40 · Updated 8 months ago
- Parent Process ID Spoofing, coded in CGo. ☆21 · Updated 4 months ago
- Near compile-time string obfuscation for Golang ☆13 · Updated last year
- Cobalt Strike Beacon Object File to enable the webdav client service on x64 windows hosts ☆17 · Updated last year
- Cobalt Strike notifications via NTFY. ☆13 · Updated last month
- Golang Implementation of Hell's gate ☆15 · Updated last year
- a demo module for the kaine agent to execute and inject assembly modules ☆35 · Updated 2 months ago
- ☆21 · Updated 6 months ago
- Dynamically resolve API function addresses at runtime in a secure manner. ☆44 · Updated last month
- Command and Control ☆21 · Updated 3 months ago
- Ransomware written in go, encrypt - decrypt. ☆16 · Updated 4 months ago
- An advanced shellcode loader with many builtin features ☆13 · Updated last year
- convert compatible dlls to shellcode with sRDI. I don't remember where this came from, so if you recognize the code, let me know and I'll… ☆12 · Updated 6 months ago
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader ☆39 · Updated 10 months ago
- A simple website to act as a store for havoc modules and extensions ☆22 · Updated 5 months ago
- A simple rpc2socks alternative in pure Go. ☆23 · Updated 4 months ago
- yet another sleep encryption thing. also used the default github repo name for this one. ☆69 · Updated last year
- Simple PoC to locate hooked functions by EDR in ntdll.dll ☆32 · Updated last year
- Load and execute a common object file format (COFF) in the current process ☆25 · Updated 8 months ago
- Demonstration of Early Bird APC Injection - MITRE ID T1055.004 ☆30 · Updated last year
- ☆48 · Updated last year
- Just another Process Injection using Process Hollowing technique. ☆16 · Updated last year
- Ntdll Unhooking POC ☆19 · Updated 2 years ago
- Research into WinSxS binaries and finding hijackable paths ☆23 · Updated 5 months ago
- Modified Version of Melkor @FuzzySecurity capable of creating disposable AppDomains in injected processes. ☆27 · Updated 3 years ago
- BOF for C2 framework ☆40 · Updated this week