Proper ntdll .text section unhooking via native API. Unlike other unhookers, this doesn't leave 2 ntdlls loaded. x86/x64/WOW64 supported.
☆53 · Dec 9, 2025 · Updated 3 months ago
Alternatives and similar repositories for NTDLL-Unhook
Users that are interested in NTDLL-Unhook are comparing it to the libraries listed below.
- Obfuscating function calls using Vectored Exception Handlers by redirecting execution through exception-based control flow. Uses byte swa… ☆117 · Oct 30, 2025 · Updated 4 months ago
- Poshito is a Windows C2 over Telegram ☆21 · Oct 30, 2024 · Updated last year
- ☆11 · May 5, 2024 · Updated last year
- Locate dlls and function addresses without PEB Walk and EAT parsing ☆105 · Nov 7, 2025 · Updated 4 months ago
- Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks, patchless hooking library IAT/EAT. ☆134 · Dec 8, 2025 · Updated 3 months ago
- Cryptanalysis of a proprietary 1999 video DRM system. Recovers 61 encrypted wrestling videos from the WCW Internet Powerdisk CD-ROM throu… ☆25 · Jan 29, 2026 · Updated last month
- Red Team Coin for crypto-mining operations. ☆23 · Mar 1, 2026 · Updated 3 weeks ago
- .NET assembly loader with patching AMSI and ETW bypass ☆31 · Apr 16, 2025 · Updated 11 months ago
- Simple pure PowerShell POC to bypass Entra / Intune Compliance Conditional Access Policy ☆168 · Nov 17, 2025 · Updated 4 months ago
- ☆29 · Oct 19, 2024 · Updated last year
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass ETW scanning by redirecting ETW calls to… ☆45 · Jun 1, 2025 · Updated 9 months ago
- Active Directory information dumper via ADWS for evasion purposes. ☆207 · Feb 23, 2026 · Updated last month
- Items related to the RedELK workshop given at security conferences ☆29 · Sep 28, 2023 · Updated 2 years ago
- The PoC for CVE-2025-70795 / CVE-2026-0828 and updated driver ☆41 · Mar 13, 2026 · Updated last week
- ☆64 · Jan 2, 2024 · Updated 2 years ago
- Scripts to interact with Microsoft Graph APIs ☆45 · Nov 7, 2024 · Updated last year
- Unauthenticated start EFS service on remote Windows host (make PetitPotam great again) ☆134 · Oct 23, 2025 · Updated 5 months ago
- LSTAR - CobaltStrike Translated to EN ☆22 · Jun 15, 2023 · Updated 2 years ago
- Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai… ☆276 · Dec 27, 2024 · Updated last year
- Wonka is a sweet Windows tool that extracts Kerberos tickets from the Local Security Authority (LSA) cache. Like finding a ticket, but fo… ☆167 · Oct 21, 2025 · Updated 5 months ago
- Simple C# Redirector ☆94 · Aug 31, 2025 · Updated 6 months ago
- Commandline spoofing on Windows ☆95 · Nov 25, 2025 · Updated 3 months ago
- Pattern-based AMSI bypass that patches AMSI.dll in memory by modifying comparison values, conditional jumps, and function prologues to ne… ☆28 · May 13, 2025 · Updated 10 months ago
- A small script to collect information from a management point ☆37 · Jan 19, 2026 · Updated 2 months ago
- Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover ☆86 · Oct 20, 2025 · Updated 5 months ago
- Adversary Simulation Framework ☆38 · Aug 19, 2025 · Updated 7 months ago
- A unique introduction to native runtime obfuscation. ☆76 · Mar 2, 2025 · Updated last year
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler. ☆34 · Jun 23, 2024 · Updated last year
- ☆12 · Feb 4, 2025 · Updated last year
- A cmake template for crystal palace ☆39 · Dec 20, 2025 · Updated 3 months ago
- Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit) ☆16 · Sep 4, 2020 · Updated 5 years ago
- Assorted BloodHound Cypher queries/tricks I haven't seen in other cheat sheets ☆12 · Jun 21, 2021 · Updated 4 years ago
- Windows Access token manipulation tool made in C# ☆24 · Aug 24, 2025 · Updated 7 months ago
- Boilerplate to develop raw and truly Position Independent Code (PIC). ☆117 · Jan 20, 2025 · Updated last year
- Neo4LDAP is a query and visualization tool focused on Active Directory environments. It combines LDAP syntax with graph-based data analys… ☆97 · Feb 3, 2026 · Updated last month
- Sleep Obfuscation ☆45 · Oct 13, 2022 · Updated 3 years ago
- Inject dll to process in driver ☆10 · Aug 27, 2024 · Updated last year
- Passworld is a fully customizable wordlist generator ☆16 · Sep 13, 2024 · Updated last year
- ☆49 · Apr 9, 2025 · Updated 11 months ago