knight0x07/NailaoLoader-Hiding-Execution-Flow external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

knight0x07/NailaoLoader-Hiding-Execution-Flow

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/knight0x07/NailaoLoader-Hiding-Execution-Flow)

Close

knight0x07 / NailaoLoader-Hiding-Execution-FlowView on GitHubMore

• External links
• Readme badge

NailaoLoader: Hiding Execution Flow via Patching

☆22Feb 27, 2025Updated last year

Alternatives and similar repositories for NailaoLoader-Hiding-Execution-Flow

Users that are interested in NailaoLoader-Hiding-Execution-Flow are comparing it to the libraries listed below

• EvilBytecode / Eset-Unload

  View on GitHub
  Eset-Unload is a C++ tool that interacts with a process's loaded modules to identify and unload the ebehmoni.dll module, typically found …
  ☆12Apr 21, 2025Updated 10 months ago
• internetangel / OffensiveD

  View on GitHub
  Utilizing DLang For Offensive Operations.
  ☆14May 29, 2025Updated 9 months ago
• nbaertsch / PoolProxy

  View on GitHub
  Proxy function calls through the thread pool with ease
  ☆31Feb 27, 2025Updated last year
• zero2504 / FrostLock-Injection

  View on GitHub
  FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…
  ☆43Apr 6, 2025Updated 11 months ago
• EvilBytecode / Amsi-Patch-Updated-2025

  View on GitHub
  How to bypass AMSI (Antimalware Scan Interface) in PowerShell/C++ by dynamically patching the AmsiScanBuffer function.
  ☆25Apr 21, 2025Updated 10 months ago
• EvilBytecode / Evilbytecode-Gate

  View on GitHub
  Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…
  ☆26Apr 21, 2025Updated 10 months ago
• cocomelonc / offzone-2024-malware-persistence-workshop

  View on GitHub
  OFFZONE 2024 Malware Persistence workshop
  ☆22Dec 18, 2024Updated last year
• I3IT / Detect.Remote.ShadowSnapshot.Dump

  View on GitHub
  Detect Remote Local Credentials Dumping using a Shadow Snapshot
  ☆32Jan 27, 2025Updated last year
• susMdT / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆52Dec 4, 2023Updated 2 years ago
• Orange-Cyberdefense / EDRSnowblast

  View on GitHub
  This project is an EDRSandblast fork, adding some features and custom pieces of code.
  ☆25Sep 29, 2023Updated 2 years ago
• FalconForceTeam / bof-winrm-plugin-jump

  View on GitHub
  ☆33Jan 23, 2025Updated last year
• pry0cc / Ghost2

  View on GitHub
  My latest setup configs.
  ☆10Aug 7, 2016Updated 9 years ago
• EvilBytecode / SsnRetrieval

  View on GitHub
  Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…
  ☆15Apr 21, 2025Updated 10 months ago
• doyensec / malicious-devfile-registry

  View on GitHub
  Exploit for CVE-2024-0402 in Gitlab
  ☆15Mar 18, 2025Updated 11 months ago
• ZERODETECTION / Havoc_Demon_API_Hashing

  View on GitHub
  Rehashing APIs to prevent hash based detection
  ☆14Jan 7, 2025Updated last year
• Cynosureprime / rulechef

  View on GitHub
  a markov based rule generator for hashcat/mdxfind/jtr
  ☆24Dec 8, 2025Updated 3 months ago
• EvilBytecode / Powershell-Persistance

  View on GitHub
  Whenever PowerShell is launched, Notepad will also open. You can customize the script for educational purposes, but I emphasize that I do…
  ☆12Apr 21, 2025Updated 10 months ago
• racoten / BetterNetLoader

  View on GitHub
  A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints
  ☆123Jul 11, 2025Updated 7 months ago
• fin3ss3g0d / StoneKeeper

  View on GitHub
  StoneKeeper C2, an experimental EDR evasion framework for research purposes
  ☆209Dec 25, 2024Updated last year
• zimnyaa / smbsocks

  View on GitHub
  A simple rpc2socks alternative in pure Go.
  ☆31Jul 8, 2024Updated last year
• bot984397 / eepy

  View on GitHub
  ☆38Apr 15, 2025Updated 10 months ago
• NUL0x4C / HookingLsassForCredentials

  View on GitHub
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆61May 12, 2025Updated 9 months ago
• NtDallas / Svartalfheim

  View on GitHub
  Stage 0
  ☆169Dec 18, 2024Updated last year
• EvilBytecode / PhantomDelay

  View on GitHub
  PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified …
  ☆19May 8, 2025Updated 10 months ago
• bjornhels / CVE-2025-30065

  View on GitHub
  PoC
  ☆12Apr 7, 2025Updated 11 months ago
• C5Hackr / ARM64_AmsiPatch

  View on GitHub
  ☆21Jan 8, 2026Updated 2 months ago
• voidvxvi / HellBunny

  View on GitHub
  Shellcode loader written in C and Assembly utilizing direct or indirect syscalls to evade UM EDR hooks
  ☆138Dec 22, 2024Updated last year
• HullaBrian / COMmander

  View on GitHub
  .NET tool used to enrich RPC telemetry
  ☆101Jan 24, 2026Updated last month
• ameenalkerdy / ETWShellcodeLoader

  View on GitHub
  Shellcode Loader Utilizing ETW Events
  ☆66Feb 26, 2025Updated last year
• securekomodo / CVE-2024-22026

  View on GitHub
  Exploit POC for CVE-2024-22026 affecting Ivanti EPMM "MobileIron Core"
  ☆15May 15, 2024Updated last year
• ricardojoserf / http-protocol-exfil

  View on GitHub
  Exfiltrate files using the HTTP protocol version ("HTTP/1.0" is a 0 and "HTTP/1.1" is a 1)
  ☆24Oct 23, 2021Updated 4 years ago
• blue0x1 / uac-bypass-oneliners

  View on GitHub
  Collection of one-liners to bypass User Account Control (UAC) in Windows. These techniques exploit certain behavior in Windows applicatio…
  ☆158Jan 7, 2025Updated last year
• akamai / CVE-2025-27636-Apache-Camel-PoC

  View on GitHub
  ☆41Mar 12, 2025Updated 11 months ago
• Octoberfest7 / Secure_Stager

  View on GitHub
  An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
  ☆195Nov 27, 2024Updated last year
• dmcxblue / Red-Team-Guide

  View on GitHub
  A small red team course
  ☆40Jun 6, 2023Updated 2 years ago
• EvilBytecode / Evil-Go

  View on GitHub
  A malicous Golang Package
  ☆15Apr 21, 2025Updated 10 months ago
• AmirHoseinTangsiriNET / EventLogSilencer

  View on GitHub
  EventLogSilencer is a PowerShell script designed for disable Windows Event Logging
  ☆18Oct 28, 2023Updated 2 years ago
• S12cybersecurity / ETWEvasionToolkit

  View on GitHub
  Toolkit of Projects to attack and evade Event Trace for Windows
  ☆26Aug 28, 2025Updated 6 months ago
• CroodSolutions / BypassIT

  View on GitHub
  BypassIT is a framework for covert malware delivery and post-exploitation using AutoIT for red / blue team self assessment.
  ☆45Jul 6, 2025Updated 8 months ago