fin3ss3g0d / HookFinder
Simple PoC to locate hooked functions by EDR in ntdll.dll
☆31Updated last year
Related projects: ⓘ
- API Hammering with C++20☆34Updated 2 years ago
- Bypass UAC elevation on Windows 8 (build 9600) & above.☆53Updated 2 years ago
- ☆33Updated last year
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆34Updated 9 months ago
- ☆38Updated this week
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 2 years ago
- BYOVD collection☆19Updated 5 months ago
- This is my own implementation of the Perun's Fart technique by Sektor7☆64Updated 2 years ago
- A method to execute shellcode using RegisterWaitForInputIdle API.☆50Updated last year
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated last year
- Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.☆32Updated 8 months ago
- ☆24Updated this week
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆37Updated last year
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆41Updated 6 months ago
- the Open Source and Pure C++ Packer for eXecutables☆18Updated last year
- Artemis - C++ Hell's Gate Syscall Implementation☆31Updated last year
- ☆38Updated 11 months ago
- Reimplementation of the KExecDD DSE bypass technique.☆42Updated last week
- ☆25Updated this week
- Hooked create process injection for meterpreter☆23Updated 3 years ago
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re…☆18Updated last year
- Sleep Obfuscation☆39Updated last year
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…☆14Updated last year
- ☆12Updated last year
- Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH☆44Updated 3 years ago
- idk man this was the default github name☆35Updated last year
- Self Delete DLL☆23Updated 7 months ago
- Small tool to play with IOCs caused by Imageload events☆37Updated last year
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader feature☆93Updated last year
- Set the process mitigation policy for loading only Microsoft Modules , and block any userland 3rd party modules☆41Updated last year