GetRektBoy724 / HalosUnhooker
Halos Gate-based NTAPI Unhooker
☆49 Updated 2 years ago
Related projects:
- Cobalt Strike UDRL for memory scanner evasion. ☆34 Updated 9 months ago
- My implementation of Halo's Gate technique in C# ☆51 Updated 2 years ago
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE. ☆32 Updated 8 months ago
- Beacon Object File allowing creation of Beacons in different sessions. ☆73 Updated 2 years ago
- Reimplementation of the KExecDD DSE bypass technique. ☆42 Updated last week
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe… ☆47 Updated 2 years ago
- yet another sleep encryption thing. also used the default github repo name for this one. ☆69 Updated last year
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly ☆50 Updated 6 months ago
- EmbedExeLnk by x86matthew modified by d4rkiZ ☆28 Updated last year
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge … ☆151 Updated last year
- Beacon Object Files (not Buffer Overflows) ☆51 Updated last year
- Patch AMSI and ETW in remote process via direct syscall ☆78 Updated 2 years ago
- Your NTDLL vaccine from modern direct syscall methods. ☆35 Updated 2 years ago
- Sleep Obfuscation ☆39 Updated last year
- Command and Control ☆23 Updated last month
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature ☆93 Updated last year
- Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes ☆93 Updated last year
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level. ☆41 Updated 6 months ago
- A simple BOF that frees UDRLs ☆106 Updated 2 years ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle… ☆14 Updated last year
- Rewrite to fit my needs ☆25 Updated last month