S12cybersecurity / NtUnhookLinks
Selective In-Memory Syscall Unhooking, a stealthy method to bypass user-mode hooks in ntdll.dll
☆20Updated 4 months ago
Alternatives and similar repositories for NtUnhook
Users that are interested in NtUnhook are comparing it to the libraries listed below
Sorting:
- Classic Process Injection with Memory Evasion Techniques implemantation☆72Updated 2 years ago
- Repository to gather the .NET malware I will be developing☆18Updated 8 months ago
- Encode shellcode into dictionary words for evasion and entropy reduction☆33Updated last year
- Good CLR Host with Native patchless AMSI Bypass☆96Updated 7 months ago
- Just another repository for malware development☆12Updated last year
- Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies☆49Updated 4 months ago
- 「⚠️」Performing a BYOVD on the truesight.sys driver☆44Updated 11 months ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆84Updated last year
- This is way to load a shellcode, and obfuscate it, so it avoids scantime detection.☆87Updated 7 months ago
- Rewrite to fit my needs☆32Updated last year
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.☆99Updated last year
- ☆53Updated last month
- EDR & AV Bypass Arsenal— a comprehensive collection of tools, patches, and techniques for evading modern EDR and antivirus defenses.☆45Updated last week
- Windows NTLM hash dump utility written in C language, that supports Windows and Linux. Hashes can be dumped in realtime or from already s…☆66Updated last year
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass AMSI scanning by redirecting AmsiScanBuf…☆61Updated 6 months ago
- "D3MPSEC" is a memory dumping tool designed to extract memory dump from Lsass process using various techniques, including direct system c…☆27Updated last year
- .bin file to shellcode convertor☆38Updated last year
- Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and ADS payload delivery no disk traces, maximum…☆14Updated 5 months ago
- A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints☆117Updated 4 months ago
- DLL Hijacking and Mock directories technique to bypass Windows UAC security feature and getting high-level privileged reverse shell. Secu…☆44Updated last year
- Cortex EDR Ransomware protection Bypass☆25Updated 9 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆60Updated 6 months ago
- The Swiss army knife of evasion tool that bypasses AMSI, Applocker, and CLM mode simultaneously.☆27Updated last year
- Using Just In Time (JIT) instruction decryption, this shellcode loader ensures that only the currently executing instruction is visible i…☆55Updated 7 months ago
- template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.☆58Updated this week
- PDF Icon File Type Spoofer☆17Updated last year
- The code I write in my blog☆37Updated last month
- lsassdump via RtlCreateProcessReflection and NanoDump☆83Updated last year
- DebugAmsi is another way to bypass AMSI through the Windows process debugger mechanism.☆98Updated 2 years ago
- A python script that automates a C2 Profile build☆48Updated 2 months ago