S12cybersecurity / NtUnhookLinks
Selective In-Memory Syscall Unhooking, a stealthy method to bypass user-mode hooks in ntdll.dll
☆25Updated 6 months ago
Alternatives and similar repositories for NtUnhook
Users that are interested in NtUnhook are comparing it to the libraries listed below
Sorting:
- Encode shellcode into dictionary words for evasion and entropy reduction☆40Updated last month
- Good CLR Host with Native patchless AMSI Bypass☆100Updated 9 months ago
- A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+S…☆112Updated last month
- 「⚠️」Performing a BYOVD on the truesight.sys driver☆44Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking.☆83Updated last year
- Classic Process Injection with Memory Evasion Techniques implemantation☆72Updated 2 years ago
- Dynamic shellcode loader with sophisticated evasion capabilities☆280Updated 3 months ago
- This is way to load a shellcode, and obfuscate it, so it avoids scantime detection.☆90Updated 9 months ago
- PandaCrypter is a C#-based tool designed to convert PowerShell scripts into obfuscated batch files (.bat) with encryption and additional …☆44Updated 5 months ago
- .bin file to shellcode convertor☆39Updated last year
- Generate an Alphabetical Polymorphic Shellcode☆135Updated 5 months ago
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption.☆101Updated last year
- Another version of .NET loader provides capabilities of bypassing ETW and AMSI, utilizing VEH for syscalls and loading .NET assemblies☆49Updated 6 months ago
- EDR & AV Bypass Arsenal— a comprehensive collection of tools, patches, and techniques for evading modern EDR and antivirus defenses.☆50Updated 2 months ago
- Windows NTLM hash dump utility written in C language, that supports Windows and Linux. Hashes can be dumped in realtime or from already s…☆66Updated 2 years ago
- Just another repository for malware development☆13Updated last year
- The Swiss army knife of evasion tool that bypasses AMSI, Applocker, and CLM mode simultaneously.☆27Updated last year
- Shellcode loader☆100Updated last year
- A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints☆121Updated 6 months ago
- ☆54Updated 3 months ago
- Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and ADS payload delivery no disk traces, maximum…☆14Updated 7 months ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials☆61Updated 8 months ago
- template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.☆99Updated 3 weeks ago
- Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET☆50Updated 8 months ago
- Repository to gather the .NET malware I will be developing☆18Updated 10 months ago
- Shellcode and In-PowerShell solution for patching AMSI via Page Guard Exceptions☆62Updated 2 months ago
- Rewrite to fit my needs☆32Updated last year
- Bypasses AMSI protection through remote memory patching and parsing technique.☆54Updated 8 months ago
- execute PE in memory Filelessly☆50Updated 11 months ago
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniques☆89Updated 5 months ago