RATandC2 / FilelessNtdllReflection

Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll, and trigger exported API from the export table
15Updated 2 years ago

Alternatives and similar repositories for FilelessNtdllReflection:

Users that are interested in FilelessNtdllReflection are comparing it to the libraries listed below