This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCreateThreadNotifyRoutine from ESET Security to bypass the driver detection
☆63Feb 11, 2024Updated 2 years ago
Alternatives and similar repositories for PsNotifRoutineUnloader
Users that are interested in PsNotifRoutineUnloader are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- powershell script i wrote that can suspend an arbitrary process (with limits)☆22Mar 26, 2023Updated 3 years ago
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Jan 25, 2022Updated 4 years ago
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …☆267Apr 29, 2023Updated 3 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 3 years ago
- Set the process mitigation policy for loading only Microsoft Modules , and block any userland 3rd party modules☆43May 6, 2023Updated 3 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Exploitation of process killer drivers☆205Oct 17, 2023Updated 2 years ago
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak☆211Nov 12, 2025Updated 6 months ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆203Jun 6, 2024Updated last year
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)☆204Aug 2, 2023Updated 2 years ago
- Execute a payload at each right click on a file/folder in the explorer menu for persistence☆175Mar 15, 2023Updated 3 years ago
- CaveCarver - PE backdooring tool which utilizes and automates code cave technique☆233Apr 17, 2023Updated 3 years ago
- Dangling COM Keys Finder☆17Nov 16, 2021Updated 4 years ago
- Lifetime AMSI bypass☆676Sep 26, 2023Updated 2 years ago
- Small PoC of using a Microsoft signed executable as a lolbin.☆143Feb 27, 2023Updated 3 years ago
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- Bypassing PatchGuard on modern x64 systems☆267Apr 9, 2023Updated 3 years ago
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!☆252Jul 9, 2024Updated last year
- Admin to Kernel code execution using the KSecDD driver☆269Apr 19, 2024Updated 2 years ago
- A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions).☆90Nov 23, 2022Updated 3 years ago
- ETW based POC to identify direct and indirect syscalls☆196Apr 19, 2023Updated 3 years ago
- EvtPsst☆55Oct 24, 2023Updated 2 years ago
- A C# implementation of dumping credentials from Windows Credential Manager☆63Sep 23, 2023Updated 2 years ago
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".☆88Apr 11, 2023Updated 3 years ago
- process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread☆31Jan 9, 2022Updated 4 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Inline syscalls made for MSVC supporting x64 and WOW64☆192Jul 10, 2023Updated 2 years ago
- Identify and exploit leaked handles for local privilege escalation.☆112Jun 19, 2023Updated 2 years ago
- The code is a pingback to the Dark Vortex blog:☆190Jan 26, 2023Updated 3 years ago
- WTSRM☆216Aug 7, 2022Updated 3 years ago
- Patching AmsiOpenSession by forcing an error branching☆154Aug 2, 2023Updated 2 years ago
- Reimplementation of the KExecDD DSE bypass technique.☆61Sep 7, 2024Updated last year
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆180Feb 10, 2023Updated 3 years ago
- Using fibers to run in-memory code.☆244Oct 19, 2023Updated 2 years ago
- Dump the memory of any PPL with a Userland exploit chain☆354Mar 17, 2023Updated 3 years ago
- End-to-end encrypted cloud storage - Proton Drive • AdSpecial offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol…☆75Feb 11, 2024Updated 2 years ago
- Kernel Mode Driver for Elevating Process Privileges☆132Mar 23, 2023Updated 3 years ago
- A persistant Windows Service Proof of Concept, where the Service will run after Restart or Shutdown, and invoke a given software executab…☆37Sep 28, 2023Updated 2 years ago
- A PoC implementation for dynamically masking call stacks with timers.☆311Feb 13, 2023Updated 3 years ago
- AIDA64DRIVER Elevation of Privilege Vulnerability☆17Oct 25, 2024Updated last year
- A C# tool to output crackable DPAPI hashes from user MasterKeys☆141Sep 14, 2024Updated last year
- Security product hook detection☆330Mar 30, 2021Updated 5 years ago