Alternatives and similar repositories for NtdllUnpatcher

Users that are interested in NtdllUnpatcher are comparing it to the libraries listed below

• Soledge / BlockEtw

  View on GitHub
  .Net Assembly to block ETW telemetry in current process
  ☆81May 14, 2020Updated 5 years ago
• hoangprod / AndrewSpecial

  View on GitHub
  AndrewSpecial, dumping lsass' memory stealthily and bypassing "Cilence" since 2019.
  ☆390Jun 2, 2019Updated 6 years ago
• aaaddress1 / wowInjector

  View on GitHub
  PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)
  ☆167May 27, 2021Updated 4 years ago
• crummie5 / Freshycalls_PoC

  View on GitHub
  A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯
  ☆38Dec 13, 2020Updated 5 years ago
• asaurusrex / Probatorum-EDR-Userland-Hook-Checker

  View on GitHub
  Project to check which Nt/Zw functions your local EDR is hooking
  ☆199Mar 21, 2021Updated 4 years ago
• KINGSABRI / DotNetToJScriptMini

  View on GitHub
  A simplified version of DotNetToJScript to create a JScript file which loads a .NET v2 assembly from memory.
  ☆46Mar 1, 2021Updated 4 years ago
• hasherezade / transacted_hollowing

  View on GitHub
  Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
  ☆581Mar 8, 2024Updated last year
• rsmudge / unhook-bof

  View on GitHub
  Remove API hooks from a Beacon process.
  ☆283Sep 18, 2021Updated 4 years ago
• CCob / SharpBlock

  View on GitHub
  A method of bypassing EDR's active projection DLL's by preventing entry point exection
  ☆1,164Mar 31, 2021Updated 4 years ago
• rasta-mouse / RuralBishop

  View on GitHub
  D/Invoke port of UrbanBishop
  ☆108Jul 19, 2020Updated 5 years ago
• mgeeky / UnhookMe

  View on GitHub
  UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red …
  ☆349Jul 3, 2022Updated 3 years ago
• kyleavery / inject-assembly

  View on GitHub
  Inject .NET assemblies into an existing process
  ☆508Jan 19, 2022Updated 4 years ago
• outflanknl / Dumpert

  View on GitHub
  LSASS memory dumper using direct system calls and API unhooking.
  ☆1,577Jan 5, 2021Updated 5 years ago
• passthehashbrowns / SharpBuster

  View on GitHub
  SharpBuster is a C# implementation of a directory brute forcing tool. It's designed to be used via Cobalt Strike's execute-assembly and s…
  ☆63Sep 2, 2020Updated 5 years ago
• FSecureLABS / Ninjasploit

  View on GitHub
  A meterpreter extension for applying hooks to avoid windows defender memory scans
  ☆249Aug 13, 2020Updated 5 years ago
• rmdavy / HeapsOfFun

  View on GitHub
  AMSI Bypass Via the Heap
  ☆107Nov 20, 2020Updated 5 years ago
• Flangvik / NetLoader

  View on GitHub
  Loads any C# binary in mem, patching AMSI + ETW.
  ☆838Oct 3, 2021Updated 4 years ago
• med0x2e / ExecuteAssembly

  View on GitHub
  Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…
  ☆595Jul 26, 2021Updated 4 years ago
• m57 / cobaltstrike_bofs

  View on GitHub
  My CobaltStrike BOFS
  ☆165Jul 23, 2022Updated 3 years ago
• deepinstinct / LsassSilentProcessExit

  View on GitHub
  Command line interface to dump LSASS memory to disk via SilentProcessExit
  ☆455Dec 23, 2020Updated 5 years ago
• bats3c / DarkLoadLibrary

  View on GitHub
  LoadLibrary for offensive operations
  ☆1,174Oct 22, 2021Updated 4 years ago
• GetRektBoy724 / SharpUnhooker

  View on GitHub
  C# Based Universal API Unhooker
  ☆411Feb 18, 2022Updated 3 years ago
• outflanknl / WdToggle

  View on GitHub
  A Beacon Object File (BOF) for Cobalt Strike which uses direct system calls to enable WDigest credential caching.
  ☆220May 3, 2023Updated 2 years ago
• outflanknl / TamperETW

  View on GitHub
  PoC to demonstrate how CLR ETW events can be tampered.
  ☆192Mar 26, 2020Updated 5 years ago
• NtRaiseHardError / Sysmon

  View on GitHub
  Sysmon shenanigans
  ☆66Oct 9, 2020Updated 5 years ago
• br-sn / CheekyBlinder

  View on GitHub
  Enumerating and removing kernel callbacks using signed vulnerable drivers
  ☆587Jan 24, 2023Updated 3 years ago
• b4rtik / ATPMiniDump

  View on GitHub
  Evading WinDefender ATP credential-theft
  ☆256Dec 2, 2019Updated 6 years ago
• outflanknl / InlineWhispers

  View on GitHub
  Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF)
  ☆321Nov 9, 2021Updated 4 years ago
• outflanknl / FindObjects-BOF

  View on GitHub
  A Cobalt Strike Beacon Object File (BOF) project which uses direct system calls to enumerate processes for specific loaded modules or pro…
  ☆275May 3, 2023Updated 2 years ago
• jsecu / CredManBOF

  View on GitHub
  ☆99Sep 20, 2021Updated 4 years ago
• jthuraisamy / SysWhispers

  View on GitHub
  AV/EDR evasion via direct system calls.
  ☆1,988Jan 1, 2023Updated 3 years ago
• mandiant / DueDLLigence

  View on GitHub
  ☆482Jun 2, 2023Updated 2 years ago
• D4stiny / spectre

  View on GitHub
  A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.
  ☆723Aug 5, 2020Updated 5 years ago
• antonioCoco / Mapping-Injection

  View on GitHub
  Just another Windows Process Injection
  ☆408Aug 7, 2020Updated 5 years ago
• mdsecactivebreach / firewalker

  View on GitHub
  ☆155Aug 17, 2020Updated 5 years ago
• Cobalt-Strike / beacon_health_check

  View on GitHub
  This aggressor script uses a beacon's note field to indicate the health status of a beacon.
  ☆141Sep 29, 2021Updated 4 years ago
• rasta-mouse / TikiTorch

  View on GitHub
  Process Injection
  ☆766Oct 24, 2021Updated 4 years ago
• b4rtik / SharpMiniDump

  View on GitHub
  Create a minidump of the LSASS process from memory
  ☆261Nov 2, 2022Updated 3 years ago
• EncodeGroup / AggressiveProxy

  View on GitHub
  Project to enumerate proxy configurations and generate shellcode from CobaltStrike
  ☆140Nov 4, 2020Updated 5 years ago