Loader Pre-Technology, Main thread hijacking without using API, get ntdll and kernel32 handle without peb. 加载器前置技术,不使用API进行主线程劫持,不使用PEB获取ntdll和kernel32的地址。
☆92Jul 26, 2025Updated 7 months ago
Alternatives and similar repositories for NTR_loader
Users that are interested in NTR_loader are comparing it to the libraries listed below
Sorting:
- EventViewer Bypass Uac Bof☆23Jul 23, 2022Updated 3 years ago
- 重构Beacon☆165Aug 19, 2024Updated last year
- Get sql server connection configuration information☆28Aug 26, 2024Updated last year
- Resolve the issue of DLLmain function in white and black DLLs hanging when calling shellcode☆201May 28, 2024Updated last year
- 主要用于隐藏进程真实路径,进程带windows真签名☆119Oct 15, 2024Updated last year
- 通过Dump内存读取ToDesk设备代码、连接密码☆244Sep 9, 2024Updated last year
- ☆19Jan 25, 2024Updated 2 years ago
- 自动化找白文件,�用于扫描 EXE 文件的导入表,列出导入的DLL文件,并筛选出非系统DLL,符合条件的文件将被复制到特定的 X64 或 X86 文件夹☆563Dec 14, 2025Updated 2 months ago
- 利用RPC服务,批量探测内网Windows出网情况☆126Mar 20, 2022Updated 3 years ago
- 复现《EDR的梦魇:Storm-0978使用新型内核注入技术“Step Bear”》☆161Oct 27, 2024Updated last year
- 寻找可利用的白文件☆556Aug 18, 2025Updated 6 months ago
- ☆12Nov 17, 2024Updated last year
- 在线安软识别☆12Aug 6, 2025Updated 6 months ago
- A C implementation for a stealth injection method☆38Jan 30, 2026Updated last month
- This is the tool to dump the LSASS process on modern Windows 11☆557Nov 1, 2025Updated 4 months ago
- Load CLR to get RWX 通过加载clr在自身内存中产生rwx空间☆22Sep 28, 2022Updated 3 years ago
- 一款基于PE Patch技术的后渗透免杀工具,主要支持x64☆354Mar 5, 2025Updated 11 months ago
- 批量处理url链接,获取多级路径并打印☆47Jul 12, 2023Updated 2 years ago
- 基于 OPSEC 的 CobaltStrike 后渗透自动化链☆451Mar 11, 2024Updated last year
- Zerologon exploit with restore DC password automatically☆145Mar 15, 2024Updated last year
- 一种通过进程注入实现强制关闭部分杀软进程的方法(以360安全卫士和360杀毒为例)☆139Dec 26, 2023Updated 2 years ago
- 集成了截图 键盘记录 剪贴版功能,用于网络限制场景下的信息搜集☆90May 18, 2024Updated last year
- grs内网穿透工具通过reality协议隐藏特征☆610Dec 4, 2025Updated 2 months ago
- 无影脚 - 命令行下的日志文件处理工具☆51Nov 15, 2022Updated 3 years ago
- Stealthy Payload loader with Anti-EDR Capabilities☆135Apr 21, 2025Updated 10 months ago
- Visual Studio .suo文件反序列化漏洞利用工具☆17Jun 28, 2025Updated 8 months ago
- Basic Psexec clone, but in golang.☆16Jul 2, 2022Updated 3 years ago
- Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…☆13Feb 4, 2024Updated 2 years ago
- Windows RPC example calling stubs generated from MS-LSAT and MS-LSAD☆28Jan 4, 2024Updated 2 years ago
- A tool written in golang which compress using UPX and patch it with the provided PE file to make "UPX -d" flag impossible to decompress a…☆31Jan 2, 2025Updated last year
- MysqlHoneypot☆24May 4, 2022Updated 3 years ago
- 收集云沙箱上线C2的ip,如微X、奇XX、3X0、virustX等☆125Oct 23, 2023Updated 2 years ago
- ☆457Aug 27, 2024Updated last year
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆69Oct 10, 2025Updated 4 months ago
- Nacos JRaft Hessian 反序列化 RCE 加载字节码 注入内存马 不出网利用☆848Jul 7, 2023Updated 2 years ago
- PE to shellcode☆269Jan 1, 2025Updated last year
- 内网资产收集、探测主机存活、端口扫描、域控定位、文件搜索、各种服务爆破(SSH、SMB、MsSQL等)、Socks代理,一键自动化+无文件落地扫描☆469Nov 20, 2024Updated last year
- ☆94May 26, 2023Updated 2 years ago
- 利用阿里云oss对象存储,来转发http流量实现(cs)Cobalt Strike、msf 上线等 这之间利用阿里云的相关域名进行通信。☆169Jan 12, 2023Updated 3 years ago