This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCreateThreadNotifyRoutine from ESET Security to bypass the driver detection
☆63 · Feb 11, 2024 · Updated 2 years ago
Alternatives and similar repositories for PsNotifRoutineUnloader
Users that are interested in PsNotifRoutineUnloader are comparing it to the libraries listed below
- PowerShell script I wrote that can suspend an arbitrary process (with limits) ☆22 · Mar 26, 2023 · Updated 2 years ago
- yet another sleep encryption thing. also used the default github repo name for this one. ☆69 · May 11, 2023 · Updated 2 years ago
- Set the process mitigation policy for loading only Microsoft Modules, and block any userland 3rd party modules ☆43 · May 6, 2023 · Updated 2 years ago
- different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless) ☆202 · Aug 2, 2023 · Updated 2 years ago
- Bypassing PatchGuard on modern x64 systems ☆265 · Apr 9, 2023 · Updated 2 years ago
- Demo to show how to write ALPC Client & Server using native Ntdll.dll syscalls. ☆21 · Jan 25, 2022 · Updated 4 years ago
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret … ☆263 · Apr 29, 2023 · Updated 2 years ago
- Exploitation of process killer drivers ☆202 · Oct 17, 2023 · Updated 2 years ago
- Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak ☆209 · Nov 12, 2025 · Updated 3 months ago
- A C# implementation of dumping credentials from Windows Credential Manager ☆62 · Sep 23, 2023 · Updated 2 years ago
- EvtPsst ☆55 · Oct 24, 2023 · Updated 2 years ago
- Identify and exploit leaked handles for local privilege escalation. ☆111 · Jun 19, 2023 · Updated 2 years ago
- Inline syscalls made for MSVC supporting x64 and WOW64 ☆193 · Jul 10, 2023 · Updated 2 years ago
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds! ☆249 · Jul 9, 2024 · Updated last year
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM". ☆87 · Apr 11, 2023 · Updated 2 years ago
- ETW based POC to identify direct and indirect syscalls ☆189 · Apr 19, 2023 · Updated 2 years ago
- Reimplementation of the KExecDD DSE bypass technique. ☆58 · Sep 7, 2024 · Updated last year
- Patching AmsiOpenSession by forcing an error branching ☆154 · Aug 2, 2023 · Updated 2 years ago
- process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread ☆31 · Jan 9, 2022 · Updated 4 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls ☆202 · Jun 6, 2024 · Updated last year
- A tool to Impersonate logged on users without touching LSASS (Including non-Interactive sessions). ☆90 · Nov 23, 2022 · Updated 3 years ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol… ☆71 · Feb 11, 2024 · Updated 2 years ago
- Lifetime AMSI bypass ☆671 · Sep 26, 2023 · Updated 2 years ago
- Admin to Kernel code execution using the KSecDD driver ☆265 · Apr 19, 2024 · Updated last year
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms ☆135 · Dec 20, 2022 · Updated 3 years ago
- Execute a payload at each right click on a file/folder in the explorer menu for persistence ☆175 · Mar 15, 2023 · Updated 2 years ago
- CaveCarver - PE backdooring tool which utilizes and automates code cave technique ☆234 · Apr 17, 2023 · Updated 2 years ago
- Security product hook detection ☆326 · Mar 30, 2021 · Updated 4 years ago
- A new AMSI Bypass technique using .NET ALI Call Hooking. ☆193 · Nov 15, 2022 · Updated 3 years ago
- Small PoC of using a Microsoft signed executable as a lolbin. ☆141 · Feb 27, 2023 · Updated 3 years ago
- A PoC implementation for dynamically masking call stacks with timers. ☆308 · Feb 13, 2023 · Updated 3 years ago
- WTSRM ☆216 · Aug 7, 2022 · Updated 3 years ago
- Minifilter Callback Patching Proof-of-Concept ☆74 · Oct 31, 2022 · Updated 3 years ago
- The code is a pingback to the Dark Vortex blog: ☆186 · Jan 26, 2023 · Updated 3 years ago
- 「💀」Proof of concept on BYOVD attack ☆166 · Dec 7, 2024 · Updated last year
- Privileger is a tool to work with Windows Privileges ☆139 · Feb 7, 2023 · Updated 3 years ago
- Exploring in-memory execution of .NET ☆138 · Apr 20, 2022 · Updated 3 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files. ☆90 · Dec 15, 2022 · Updated 3 years ago
- A C# tool to output crackable DPAPI hashes from user MasterKeys ☆140 · Sep 14, 2024 · Updated last year