S12cybersecurity / NtUnhookLinks
Selective In-Memory Syscall Unhooking, a stealthy method to bypass user-mode hooks in ntdll.dll
☆21Updated 5 months ago
Alternatives and similar repositories for NtUnhook
Users that are interested in NtUnhook are comparing it to the libraries listed below
Sorting:
- Good CLR Host with Native patchless AMSI Bypass☆98Updated 8 months ago
- 「⚠️」Performing a BYOVD on the truesight.sys driver☆44Updated last year
- Encode shellcode into dictionary words for evasion and entropy reduction☆33Updated last week
- A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints☆118Updated 5 months ago
- Generate an Alphabetical Polymorphic Shellcode☆133Updated 4 months ago
- This is way to load a shellcode, and obfuscate it, so it avoids scantime detection.☆89Updated 7 months ago
- The Swiss army knife of evasion tool that bypasses AMSI, Applocker, and CLM mode simultaneously.☆27Updated last year
- ☆53Updated 2 months ago
- Dynamic shellcode loader with sophisticated evasion capabilities☆273Updated 2 months ago
- template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.☆94Updated last week
- Windows NTLM hash dump utility written in C language, that supports Windows and Linux. Hashes can be dumped in realtime or from already s…☆66Updated last year
- .bin file to shellcode convertor☆39Updated last year
- Repository to gather the .NET malware I will be developing☆18Updated 8 months ago
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.☆99Updated last year
- Rewrite to fit my needs☆32Updated last year
- DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.☆100Updated 2 years ago
- Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and ADS payload delivery no disk traces, maximum…☆14Updated 6 months ago
- Classic Process Injection with Memory Evasion Techniques implemantation☆72Updated 2 years ago
- C2 Agent fully PIC for Mythic with advanced evasion capabilities, dotnet/powershell/shellcode/bof memory executions, lateral moviments, p…☆191Updated 2 weeks ago
- Malicious powershell scripts loader designed to avoid detection.☆59Updated 2 years ago
- reflectively load and execute PEs locally and remotely bypassing EDR hooks☆161Updated last year
- Lateral Movement Bof with MSI ODBC Driver Install☆141Updated 2 months ago
- .NET assembly loader with patchless AMSI and ETW bypass in Rust☆57Updated last year
- EDR & AV Bypass Arsenal— a comprehensive collection of tools, patches, and techniques for evading modern EDR and antivirus defenses.☆47Updated last month
- a port of privkit bof for havoc☆24Updated 2 years ago
- Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible i…☆57Updated 8 months ago
- A python script that automates a C2 Profile build☆48Updated this week
- Collection of many ldap bofs for domain enumeration and privilege escalation. Created for use with the Adaptix C2.☆39Updated this week
- A tool to modify SCCM remote control settings on the client machine, enabling remote control without permission prompts or notifications.…☆113Updated last year
- Simple C# Redirector☆89Updated 3 months ago