Proper ntdll .text section unhooking via native API. Unlike other unhookers, this doesn't leave 2 ntdlls loaded. x86/x64/WoW64 supported.
☆53 · Dec 9, 2025 · Updated 2 months ago
Alternatives and similar repositories for NTDLL-Unhook
Users that are interested in NTDLL-Unhook are comparing it to the libraries listed below
- Items related to the RedELK workshop given at security conferences ☆29 · Sep 28, 2023 · Updated 2 years ago
- Poshito is a Windows C2 over Telegram ☆21 · Oct 30, 2024 · Updated last year
- ☆12 · Apr 5, 2025 · Updated 10 months ago
- Assorted BloodHound Cypher queries/tricks I haven't seen in other cheat sheets ☆12 · Jun 21, 2021 · Updated 4 years ago
- Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks, patchless hooking library IAT/EAT. ☆131 · Dec 8, 2025 · Updated 2 months ago
- Red Team Coin for crypto-mining operations. ☆23 · Updated this week
- Active Directory information dumper via ADWS for evasion purposes. ☆159 · Feb 23, 2026 · Updated last week
- Locate dlls and function addresses without PEB Walk and EAT parsing ☆104 · Nov 7, 2025 · Updated 3 months ago
- Obfuscating function calls using Vectored Exception Handlers by redirecting execution through exception-based control flow. Uses byte swa… ☆116 · Oct 30, 2025 · Updated 4 months ago
- ELK stack for red team logs ☆13 · Oct 30, 2020 · Updated 5 years ago
- Unauthenticated start EFS service on remote Windows host (make PetitPotam great again) ☆129 · Oct 23, 2025 · Updated 4 months ago
- Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit) ☆16 · Sep 4, 2020 · Updated 5 years ago
- ☆11 · May 5, 2024 · Updated last year
- Scripts to interact with Microsoft Graph APIs ☆44 · Nov 7, 2024 · Updated last year
- Simple pure PowerShell POC to bypass Entra / Intune Compliance Conditional Access Policy ☆167 · Nov 17, 2025 · Updated 3 months ago
- Pattern-based AMSI bypass that patches AMSI.dll in memory by modifying comparison values, conditional jumps, and function prologues to ne… ☆27 · May 13, 2025 · Updated 9 months ago
- Windows Access token manipulation tool made in C# ☆24 · Aug 24, 2025 · Updated 6 months ago
- Passworld is a fully customizable wordlist generator ☆16 · Sep 13, 2024 · Updated last year
- The PoC for CVE-2025-70795 / CVE-2026-0828 and its update ☆40 · Feb 16, 2026 · Updated 2 weeks ago
- Identify common attack paths to get Domain Administrator ☆21 · Aug 20, 2019 · Updated 6 years ago
- Adversary Simulation Framework ☆38 · Aug 19, 2025 · Updated 6 months ago
- This script leverages CVE-2023-46604 (Apache ActiveMQ) to generate a pseudo shell. The vulnerability allows for remote code execution due… ☆18 · Jan 24, 2024 · Updated 2 years ago
- ☆73 · Feb 12, 2026 · Updated 2 weeks ago
- LSTAR - CobaltStrike Translated to EN ☆22 · Jun 15, 2023 · Updated 2 years ago
- ☆49 · Apr 9, 2025 · Updated 10 months ago
- Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domai… ☆275 · Dec 27, 2024 · Updated last year
- A lightweight tool that injects a custom assembly proxy into a target process to silently bypass ETW scanning by redirecting ETW calls to… ☆45 · Jun 1, 2025 · Updated 9 months ago
- Simple C# Redirector ☆94 · Aug 31, 2025 · Updated 6 months ago
- Exactly what it sounds like, which is something rad ☆22 · Oct 12, 2022 · Updated 3 years ago
- Cloud Discovery - brute force public AWS, GCP, Alibaba, and Azure cloud services ☆24 · Jan 21, 2021 · Updated 5 years ago
- SVG Analysis and generation tools for commonly seen SVG attachment phishing ☆55 · Sep 24, 2025 · Updated 5 months ago
- Tool to obtain hash using MS-SNTP for user accounts ☆29 · Jan 22, 2025 · Updated last year
- A Chrome cookie dumping utility ☆46 · Feb 21, 2020 · Updated 6 years ago
- Info related to the Outflank training: Microsoft Office Offensive Tradecraft ☆52 · May 16, 2024 · Updated last year
- Collection of BOFs created for red team/adversary engagements. Created to be small and interchangeable, for quick recon or eventing. ☆237 · Feb 20, 2026 · Updated last week
- Sp00fer blog post - ☆24 · Jul 19, 2022 · Updated 3 years ago
- ☆31 · Jul 26, 2024 · Updated last year
- My Malware Analysis Reports ☆25 · May 24, 2022 · Updated 3 years ago
- PIC shellcode (C/C++) development toolkit designed for malware developers. ☆122 · Dec 23, 2025 · Updated 2 months ago