Proper ntdll .text section unhooking via the native API. Unlike other unhookers, this doesn't leave 2 ntdlls loaded. x86/x64/WoW64 supported.
☆56 · Dec 9, 2025 · Updated 5 months ago
Alternatives and similar repositories for NTDLL-Unhook
Users that are interested in NTDLL-Unhook are comparing it to the libraries listed below.
- Poshito is a Windows C2 over Telegram ☆21 · Oct 30, 2024 · Updated last year
- ☆12 · May 5, 2024 · Updated 2 years ago
- Locate dlls and function addresses without PEB Walk and EAT parsing ☆105 · Nov 7, 2025 · Updated 6 months ago
- Native C++ access to Active Directory over ADWS, no .NET, no WCF, no HTTP stack. ☆76 · Mar 27, 2026 · Updated last month
- Executing Shellcode with ReadDirectoryChanges’s Hidden Callback ☆31 · Oct 13, 2025 · Updated 7 months ago
- Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks, patchless hooking library IAT/EAT. ☆143 · Dec 8, 2025 · Updated 5 months ago
- Cryptanalysis of a proprietary 1999 video DRM system. Recovers 61 encrypted wrestling videos from the WCW Internet Powerdisk CD-ROM throu… ☆25 · Jan 29, 2026 · Updated 3 months ago
- Red Team Coin for crypto-mining operations. ☆24 · Mar 1, 2026 · Updated 2 months ago
- .NET assembly loader with patching AMSI and ETW bypass ☆33 · Apr 16, 2025 · Updated last year
- Shellcode and In-PowerShell solution for patching AMSI via Page Guard Exceptions ☆71 · Nov 15, 2025 · Updated 6 months ago
- Simple pure PowerShell POC to bypass Entra / Intune Compliance Conditional Access Policy ☆170 · Nov 17, 2025 · Updated 6 months ago
- ☆32 · Oct 19, 2024 · Updated last year
- Items related to the RedELK workshop given at security conferences ☆29 · Sep 28, 2023 · Updated 2 years ago
- Active Directory information dumper via ADWS for evasion purposes. ☆233 · Feb 23, 2026 · Updated 3 months ago
- ☆63 · Jan 2, 2024 · Updated 2 years ago
- Scripts to interact with Microsoft Graph APIs ☆45 · Nov 7, 2024 · Updated last year
- The PoC for CVE-2025-70795 / CVE-2026-0828 and updated driver ☆47 · Mar 13, 2026 · Updated 2 months ago
- Python obfuscator with some cool features ☆16 · Mar 19, 2025 · Updated last year
- LSTAR - CobaltStrike Translated to EN ☆22 · Jun 15, 2023 · Updated 2 years ago
- Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows … ☆268 · Sep 23, 2025 · Updated 8 months ago
- Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai… ☆309 · Mar 28, 2026 · Updated last month
- Windows rootkit designed to work with BYOVD exploits ☆221 · Jan 18, 2025 · Updated last year
- Unauthenticated start EFS service on remote Windows host (make PetitPotam great again) ☆139 · Oct 23, 2025 · Updated 7 months ago
- Wonka is a sweet Windows tool that extracts Kerberos tickets from the Local Security Authority (LSA) cache. Like finding a ticket, but fo… ☆167 · Oct 21, 2025 · Updated 7 months ago
- Simple C# Redirector ☆95 · Aug 31, 2025 · Updated 8 months ago
- Commandline spoofing on Windows ☆101 · Nov 25, 2025 · Updated 5 months ago
- A small script to collect information from a management point ☆37 · Jan 19, 2026 · Updated 4 months ago
- Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover ☆86 · Oct 20, 2025 · Updated 7 months ago
- Proof of Concepts code for Bring Your Own Vulnerable Driver techniques ☆225 · Aug 21, 2025 · Updated 9 months ago
- Adversary Simulation Framework ☆40 · Aug 19, 2025 · Updated 9 months ago
- A unique introduction to native runtime obfuscation. ☆76 · Mar 2, 2025 · Updated last year
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler. ☆35 · Jun 23, 2024 · Updated last year
- Set of PoC to abuse Windows minifilters functionality ☆84 · May 1, 2026 · Updated 3 weeks ago
- A cmake template for crystal palace ☆41 · Dec 20, 2025 · Updated 5 months ago
- ☆13 · Feb 4, 2025 · Updated last year
- Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit) ☆16 · Sep 4, 2020 · Updated 5 years ago
- Assorted BloodHound Cypher queries/tricks I haven't seen in other cheat sheets ☆12 · Jun 21, 2021 · Updated 4 years ago
- Windows Access token manipulation tool made in C# ☆25 · Aug 24, 2025 · Updated 9 months ago
- Boilerplate to develop raw and truly Position Independent Code (PIC). ☆117 · Jan 20, 2025 · Updated last year