Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.
☆54Feb 29, 2024Updated 2 years ago
Alternatives and similar repositories for etwunhook
Users that are interested in etwunhook are comparing it to the libraries listed below
Sorting:
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries☆30Jan 30, 2025Updated last year
- A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress.☆72Mar 6, 2024Updated 2 years ago
- DLL Unlinking from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, and LdrpHashTable☆60Dec 15, 2023Updated 2 years ago
- DFSCoerce exe revisited version with custom authentication☆42Jan 13, 2024Updated 2 years ago
- Demonstration of Early Bird APC Injection - MITRE ID T1055.004☆35Oct 31, 2023Updated 2 years ago
- GhostLoader - AppDomainManager - Injection - 攻壳机动队☆53May 21, 2020Updated 5 years ago
- Reflective DLL to privesc from NT Service to SYSTEM using SeImpersonateToken privilege☆225Nov 23, 2023Updated 2 years ago
- Cobalt Strike notifications via NTFY.☆15Sep 24, 2024Updated last year
- A small PoC using DInvoke, dynamically mapping a DLL and executing Win32 APIs for process injection.☆10Dec 16, 2021Updated 4 years ago
- A Dynamic MSBuild task to help with minor obfuscation of C# Binaries to evade static signatures on each compilation☆38Dec 7, 2025Updated 3 months ago
- Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process☆286Jan 21, 2024Updated 2 years ago
- This program is used to perform reflective DLL Injection to a remote process specified by the user.☆64Jul 11, 2023Updated 2 years ago
- Library of BOFs to interact with SQL servers☆223Dec 3, 2025Updated 3 months ago
- ☆129Jun 28, 2023Updated 2 years ago
- CreateRemoteThreadPlus: how to pass multiple parameters to the remote thread function without shellcode.☆138Jul 10, 2025Updated 7 months ago
- really ?☆12Feb 29, 2024Updated 2 years ago
- Released presentations of my talks + code that used during these talks☆15Sep 5, 2024Updated last year
- Modify managed functions from unmanaged code☆53Feb 1, 2024Updated 2 years ago
- Work, timer, and wait callback example using solely Native Windows APIs.☆88Feb 11, 2024Updated 2 years ago
- An interactive shell to spoof some LOLBins command line☆188Jan 27, 2024Updated 2 years ago
- A Simple PoC☆22May 24, 2024Updated last year
- Source generator to add D/Invoke and indirect syscall methods to a C# project.☆190Mar 4, 2024Updated 2 years ago
- EmbedExeLnk by x86matthew modified by d4rkiZ☆44Apr 27, 2023Updated 2 years ago
- A Study in Obfuscation: Analyzing the effect of various techniques to bypass AV engines☆45Oct 27, 2022Updated 3 years ago
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich☆18Jun 29, 2024Updated last year
- Ludus role for deploying a Mythic Teamserver onto Linux servers☆23Mar 16, 2025Updated 11 months ago
- Group 4 - C# Remote Administrator Tool☆11Feb 18, 2025Updated last year
- Modified versions of the Cobalt Strike Process Injection Kit☆106Jan 24, 2024Updated 2 years ago
- .NET assembly loader with patchless AMSI and ETW bypass☆370Apr 19, 2023Updated 2 years ago
- Titan: A generic user defined reflective DLL for Cobalt Strike☆85Nov 20, 2022Updated 3 years ago
- MappingInjection via csharp☆40Nov 19, 2021Updated 4 years ago
- ☆341Nov 10, 2025Updated 3 months ago
- SharpElevator is a C# implementation of Elevator for UAC bypass. This UAC bypass was originally discovered by James Forshaw and publishe…☆61Aug 31, 2022Updated 3 years ago
- ☆109Feb 17, 2025Updated last year
- ☆189Jan 23, 2024Updated 2 years ago
- Bypass LSA protection using the BYODLL technique☆172Sep 21, 2024Updated last year
- Lockless BOF☆79May 2, 2025Updated 10 months ago
- Shellcode Loader Utilizing ETW Events☆67Feb 26, 2025Updated last year
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆325Apr 12, 2024Updated last year