Selective In-Memory Syscall Unhooking, a stealthy method to bypass user-mode hooks in ntdll.dll
☆25 · Jul 9, 2025 · Updated 7 months ago
Alternatives and similar repositories for NtUnhook
Users that are interested in NtUnhook are comparing it to the libraries listed below
- Threat Hijacking Simple Implementation ☆18 · Feb 24, 2025 · Updated last year
- Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and ADS payload delivery no disk traces, maximum… ☆17 · Jun 12, 2025 · Updated 8 months ago
- InstantCrack is a high-performance hash recovery engine designed to perform instant lookups in databases pr… ☆24 · Jan 19, 2026 · Updated last month
- Origami Crypter with an updated version of the stub that bypasses windows defender. ☆14 · Mar 13, 2025 · Updated 11 months ago
- Offensive security toolkit to obfuscate Python code, stage payloads, and evade defenses ☆23 · Feb 13, 2026 · Updated 2 weeks ago
- Launch a Windows EXE file with this EXE file (application filter evasion) ☆15 · Mar 10, 2017 · Updated 8 years ago
- Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassumi… ☆19 · Apr 24, 2023 · Updated 2 years ago
- A portable C# utility for enumerating local and remote windows sessions ☆56 · Jan 1, 2026 · Updated 2 months ago
- PDF Icon File Type Spoofer ☆17 · Jul 8, 2024 · Updated last year
- Windows 11 kernel research framework demonstrating DSE bypass on Windows 11 25H2 through boot-time execution. Loads unsigned drivers by s… ☆82 · Dec 22, 2025 · Updated 2 months ago
- Impacket pre-compiled binaries ☆18 · Jul 31, 2023 · Updated 2 years ago
- Tiny and fast port scanner (Sliver edition) ☆27 · Feb 17, 2026 · Updated 2 weeks ago
- Playing with packets in C# ☆15 · Aug 16, 2024 · Updated last year
- modified mssqlclient from impacket to extract policies from the SCCM database ☆44 · Feb 24, 2026 · Updated last week
- a minimalistic winrm client written in python ☆25 · May 15, 2025 · Updated 9 months ago
- One gate to all syscalls! ☆23 · Mar 12, 2022 · Updated 3 years ago
- Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials ☆61 · May 12, 2025 · Updated 9 months ago
- A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+S… ☆116 · Dec 21, 2025 · Updated 2 months ago
- Shellcode capable of bypassing EAF / IAF mitigations ☆28 · Apr 11, 2023 · Updated 2 years ago
- A Simple PoC ☆22 · May 24, 2024 · Updated last year
- A care package of useful bofs for red team engagements ☆53 · Dec 6, 2024 · Updated last year
- ☆48 · Oct 14, 2025 · Updated 4 months ago
- Coerce Windows authentication by generating, distributing, and cleaning up poisoned files at scale. ☆34 · Jun 17, 2025 · Updated 8 months ago
- Hotkey-based keylogger for Windows ☆32 · Oct 17, 2024 · Updated last year
- EDR & AV Bypass Arsenal: a comprehensive collection of tools, patches, and techniques for evading modern EDR and antivirus defenses. ☆55 · Nov 17, 2025 · Updated 3 months ago
- Demo code JavaScript POC that tricks user into sending Windows hash to responder ☆37 · Dec 12, 2025 · Updated 2 months ago
- Evasive loader to bypass static detection ☆60 · Jan 15, 2024 · Updated 2 years ago
- PowerShell Implementation of ADFSDump to assist with GoldenSAML ☆39 · Dec 7, 2025 · Updated 2 months ago
- Microsoft Windows HTA (HTML Application) - Remote Code Execution ☆30 · Aug 21, 2015 · Updated 10 years ago
- Implementing Ghostly-Hollowing using tampered syscalls for remote PE injection ☆71 · Dec 26, 2025 · Updated 2 months ago
- AppXSVC Service race condition - privilege escalation ☆30 · Jul 30, 2019 · Updated 6 years ago
- Extended Process List (Search functionality) ☆29 · Jan 23, 2021 · Updated 5 years ago
- Encode shellcode into dictionary words for evasion and entropy reduction ☆41 · Dec 12, 2025 · Updated 2 months ago
- Load PE via XML Attribute ☆32 · Feb 1, 2020 · Updated 6 years ago
- Multi-component Remote Access Trojan: C++ client (victim), C# server, and Angular frontend. ☆50 · May 4, 2025 · Updated 9 months ago
- Your NTDLL vaccine from modern direct syscall methods. ☆36 · Apr 5, 2022 · Updated 3 years ago
- A framework for backdooring Microsoft Nuget packages. ☆10 · Jan 9, 2024 · Updated 2 years ago
- A Pentester's Powershell Client ☆51 · Nov 23, 2025 · Updated 3 months ago
- The ADSyncDump BOF is a port of Dirk-Jan Mollema's adconnectdump.py / ADSyncDecrypt into a Beacon Object File (BOF) with zero dependencie… ☆172 · Sep 3, 2025 · Updated 6 months ago