knight0x07/NailaoLoader-Hiding-Execution-Flow external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

knight0x07/NailaoLoader-Hiding-Execution-Flow

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/knight0x07/NailaoLoader-Hiding-Execution-Flow)

Close

knight0x07 / NailaoLoader-Hiding-Execution-FlowView on GitHubMore

• External links
• Readme badge

NailaoLoader: Hiding Execution Flow via Patching

☆23Feb 27, 2025Updated last year

Alternatives and similar repositories for NailaoLoader-Hiding-Execution-Flow

Users that are interested in NailaoLoader-Hiding-Execution-Flow are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• internetangel / OffensiveD

  View on GitHub
  Utilizing DLang For Offensive Operations.
  ☆14May 29, 2025Updated 10 months ago
• zero2504 / FrostLock-Injection

  View on GitHub
  FrostLock Injection is a freeze/thaw-based code injection technique that uses Windows Job Objects to temporarily freeze (suspend) a targe…
  ☆43Apr 6, 2025Updated last year
• nbaertsch / PoolProxy

  View on GitHub
  Proxy function calls through the thread pool with ease
  ☆31Feb 27, 2025Updated last year
• cocomelonc / offzone-2024-malware-persistence-workshop

  View on GitHub
  OFFZONE 2024 Malware Persistence workshop
  ☆22Dec 18, 2024Updated last year
• susMdT / AceLdr

  View on GitHub
  Cobalt Strike UDRL for memory scanner evasion.
  ☆52Dec 4, 2023Updated 2 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• fin3ss3g0d / StoneKeeper

  View on GitHub
  StoneKeeper C2, an experimental EDR evasion framework for research purposes
  ☆209Dec 25, 2024Updated last year
• pry0cc / Ghost2

  View on GitHub
  My latest setup configs.
  ☆10Aug 7, 2016Updated 9 years ago
• bot984397 / eepy

  View on GitHub
  ☆38Apr 15, 2025Updated last year
• zimnyaa / smbsocks

  View on GitHub
  A simple rpc2socks alternative in pure Go.
  ☆31Jul 8, 2024Updated last year
• NtDallas / Svartalfheim

  View on GitHub
  Stage 0
  ☆168Dec 18, 2024Updated last year
• ZERODETECTION / Havoc_Demon_API_Hashing

  View on GitHub
  Rehashing APIs to prevent hash based detection
  ☆14Jan 7, 2025Updated last year
• C5Hackr / ARM64_AmsiPatch

  View on GitHub
  ☆20Jan 8, 2026Updated 3 months ago
• racoten / BetterNetLoader

  View on GitHub
  A version of NetLoader, Execute Assemblies and Bypass ETW and AMSI using Hardware Breakpoints
  ☆125Jul 11, 2025Updated 9 months ago
• Orange-Cyberdefense / EDRSnowblast

  View on GitHub
  This project is an EDRSandblast fork, adding some features and custom pieces of code.
  ☆25Sep 29, 2023Updated 2 years ago
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• grayhatkiller / SharpExShell

  View on GitHub
  SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.
  ☆75May 1, 2024Updated last year
• Octoberfest7 / Secure_Stager

  View on GitHub
  An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution
  ☆195Nov 27, 2024Updated last year
• I3IT / Detect.Remote.ShadowSnapshot.Dump

  View on GitHub
  Detect Remote Local Credentials Dumping using a Shadow Snapshot
  ☆32Jan 27, 2025Updated last year
• FalconForceTeam / bof-winrm-plugin-jump

  View on GitHub
  ☆36Jan 23, 2025Updated last year
• KiExitDispatcher / Go-Assembly

  View on GitHub
  Examples how to use a Assm (Assembly) in a go.
  ☆25Apr 21, 2025Updated 11 months ago
• ameenalkerdy / ETWShellcodeLoader

  View on GitHub
  Shellcode Loader Utilizing ETW Events
  ☆66Feb 26, 2025Updated last year
• NtDallas / Draugr

  View on GitHub
  BOF with Synthetic Stackframe
  ☆240Oct 30, 2025Updated 5 months ago
• voidvxvi / HellBunny

  View on GitHub
  Shellcode loader written in C and Assembly utilizing direct or indirect syscalls to evade UM EDR hooks
  ☆139Dec 22, 2024Updated last year
• BlackSnufkin / NyxInvoke

  View on GitHub
  NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…
  ☆234Feb 12, 2025Updated last year
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• doyensec / malicious-devfile-registry

  View on GitHub
  Exploit for CVE-2024-0402 in Gitlab
  ☆15Mar 18, 2025Updated last year
• DeDf / ParseNTFS

  View on GitHub
  ☆20Nov 8, 2020Updated 5 years ago
• NUL0x4C / HookingLsassForCredentials

  View on GitHub
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆61May 12, 2025Updated 11 months ago
• MultSec / MultCheck

  View on GitHub
  Identifies bad bytes from static analysis with any Anti-Virus scanner.
  ☆129Jul 5, 2024Updated last year
• dmcxblue / Red-Team-Guide

  View on GitHub
  A small red team course
  ☆40Jun 6, 2023Updated 2 years ago
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆196Feb 6, 2025Updated last year
• zimnyaa / xyrella

  View on GitHub
  PoC XLL builder in Python/Nim
  ☆50Nov 21, 2022Updated 3 years ago
• draktuls / IAF-EAF-Shellcode-bypass-PoC

  View on GitHub
  Shellcode capable of bypassing EAF / IAF mitigations
  ☆28Apr 11, 2023Updated 3 years ago
• Maldev-Academy / TrapFlagForSyscalling

  View on GitHub
  Bypass user-land hooks by syscall tampering via the Trap Flag
  ☆139Aug 25, 2025Updated 7 months ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• blue0x1 / uac-bypass-oneliners

  View on GitHub
  Collection of one-liners to bypass User Account Control (UAC) in Windows. These techniques exploit certain behavior in Windows applicatio…
  ☆163Apr 2, 2026Updated 2 weeks ago
• bjornhels / CVE-2025-30065

  View on GitHub
  PoC
  ☆12Apr 7, 2025Updated last year
• FalconForceTeam / bof-winrm-client

  View on GitHub
  ☆129Jan 23, 2025Updated last year
• nickzer0 / PersisTask-BOF

  View on GitHub
  A BOF to create a scheduled task using a COM object.
  ☆16Dec 3, 2024Updated last year
• ricardojoserf / NativeBypassCredGuard

  View on GitHub
  Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
  ☆269Apr 8, 2025Updated last year
• boku7 / StringReaper

  View on GitHub
  Reaping treasures from strings in remote processes memory
  ☆285Feb 8, 2025Updated last year
• akamai / Mirage

  View on GitHub
  Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
  ☆108Feb 25, 2025Updated last year