S12cybersecurity / NtUnhookLinks
Selective In-Memory Syscall Unhooking, a stealthy method to bypass user-mode hooks in ntdll.dll
☆24Updated 6 months ago
Alternatives and similar repositories for NtUnhook
Users that are interested in NtUnhook are comparing it to the libraries listed below
Sorting:
- Encode shellcode into dictionary words for evasion and entropy reduction☆38Updated 3 weeks ago
- Good CLR Host with Native patchless AMSI Bypass☆97Updated 8 months ago
- Classic Process Injection with Memory Evasion Techniques implemantation☆72Updated 2 years ago
- This is way to load a shellcode, and obfuscate it, so it avoids scantime detection.☆91Updated 8 months ago
- 「⚠️」Performing a BYOVD on the truesight.sys driver☆44Updated last year
- Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and ADS payload delivery no disk traces, maximum…☆14Updated 6 months ago
- Repository to gather the .NET malware I will be developing☆18Updated 9 months ago
- A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+S…☆108Updated 2 weeks ago
- A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints☆119Updated 5 months ago
- The Swiss army knife of evasion tool that bypasses AMSI, Applocker, and CLM mode simultaneously.☆27Updated last year
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.☆101Updated last year
- execute PE in memory Filelessly☆50Updated 11 months ago
- Shellcode and In-PowerShell solution for patching AMSI via Page Guard Exceptions☆59Updated last month
- Shellcode loader☆97Updated last year
- Dynamic shellcode loader with sophisticated evasion capabilities☆271Updated 3 months ago
- DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.☆100Updated 2 years ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆83Updated last year
- .bin file to shellcode convertor☆39Updated last year
- Windows NTLM hash dump utility written in C language, that supports Windows and Linux. Hashes can be dumped in realtime or from already s…☆66Updated 2 years ago
- a port of privkit bof for havoc☆24Updated 2 years ago
- EDR & AV Bypass Arsenal— a comprehensive collection of tools, patches, and techniques for evading modern EDR and antivirus defenses.☆47Updated last month
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆81Updated last week
- template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.☆97Updated last month
- Rewrite to fit my needs☆32Updated last year
- A python script that automates a C2 Profile build☆48Updated 3 weeks ago
- Shellcode injection using the Windows Debugging API☆124Updated this week
- Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible i…☆57Updated 9 months ago
- This is the combination of multiple evasion techniques to evade defenses. (Dirty Vanity)☆51Updated last year
- A tool to modify SCCM remote control settings on the client machine, enabling remote control without permission prompts or notifications.…☆112Updated last year
- Windows Thread Pool Injection Havoc Implementation☆33Updated last year