C++ function that will automagically unhook a specified Windows API
☆62Oct 14, 2020Updated 5 years ago
Alternatives and similar repositories for APIunhooker
Users that are interested in APIunhooker are comparing it to the libraries listed below
Sorting:
- UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red …☆350Jul 3, 2022Updated 3 years ago
- Project to check which Nt/Zw functions your local EDR is hooking☆200Mar 21, 2021Updated 5 years ago
- .Net Assembly to block ETW telemetry in current process☆81May 14, 2020Updated 5 years ago
- Windows PE - TLS (Thread Local Storage) Injector in C/C++☆109Jan 3, 2021Updated 5 years ago
- Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…☆595Jul 26, 2021Updated 4 years ago
- D/Invoke port of UrbanBishop☆108Jul 19, 2020Updated 5 years ago
- PoC to demonstrate how CLR ETW events can be tampered.☆192Mar 26, 2020Updated 5 years ago
- ☆50Dec 15, 2025Updated 3 months ago
- C# Based Universal API Unhooker☆409Feb 18, 2022Updated 4 years ago
- AndrewSpecial, dumping lsass' memory stealthily and bypassing "Cilence" since 2019.☆392Jun 2, 2019Updated 6 years ago
- A port of FuzzySecurity's UrbanBishop project for inline shellcode execution☆118Sep 29, 2020Updated 5 years ago
- LittleCorporal: A C# Automated Maldoc Generator☆227Jul 30, 2021Updated 4 years ago
- Obfuscate ECMA CIL (.NET IL) assemblies to evade Windows Defender AMSI☆240Jun 9, 2023Updated 2 years ago
- Simple Aggressor Scripts for Cobalt Strike☆13Sep 24, 2020Updated 5 years ago
- The program is designed to obfuscate the shellcode.☆204Jul 13, 2021Updated 4 years ago
- Userland API Unhooker Project☆111Jun 14, 2021Updated 4 years ago
- Evading WinDefender ATP credential-theft☆255Dec 2, 2019Updated 6 years ago
- New UAC bypass for Silent Cleanup for CobaltStrike☆191Jul 14, 2021Updated 4 years ago
- PE File Blessing - To continue or not to continue☆87Nov 23, 2019Updated 6 years ago
- Managed assembly shellcode generation☆281Mar 19, 2021Updated 5 years ago
- ☆73Oct 24, 2021Updated 4 years ago
- A small commented POC for removing API hooks placed by AV/EDR.☆34Jun 12, 2020Updated 5 years ago
- Resolve syscall numbers at runtime for all Windows versions.☆59Nov 21, 2024Updated last year
- Custom Metasploit post module to executing a .NET Assembly from Meterpreter session☆347Jul 21, 2020Updated 5 years ago
- Windows user-land hooks manipulation tool.☆146Apr 20, 2021Updated 4 years ago
- Evasive shellcode loader for bypassing event-based injection detection (PoC)☆824Aug 23, 2021Updated 4 years ago
- A C# tool to search through a running instance of Outlook for keywords☆111Jan 14, 2021Updated 5 years ago
- A meterpreter extension for applying hooks to avoid windows defender memory scans☆249Aug 13, 2020Updated 5 years ago
- Proof-of-concept obfuscation toolkit for C# post-exploitation tools☆430Jul 22, 2022Updated 3 years ago
- D/Invoke port of UrbanBishop☆30Dec 13, 2020Updated 5 years ago
- Using "svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc" as trigger☆58Oct 7, 2020Updated 5 years ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().☆219Mar 5, 2020Updated 6 years ago
- Small POC written in C# that performs shellcode injection on x64 processes using direct syscalls as a way to bypass user-land EDR hooks.☆85Dec 20, 2019Updated 6 years ago
- Simple and sane cryptographic wrapper library.☆27Apr 21, 2023Updated 2 years ago
- C++ WinRM API via Reflective DLL☆145Sep 11, 2021Updated 4 years ago
- Asynchronous Password Spraying Tool in C# for Windows Environments☆317Dec 19, 2023Updated 2 years ago
- Send and receive messages over Named Pipes asynchronously.☆39Sep 17, 2021Updated 4 years ago
- ☆99Sep 20, 2021Updated 4 years ago
- A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.☆143Sep 24, 2021Updated 4 years ago