reveng007 / ReflectiveNtdll
A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFucntion033 NtApi and No new thread via Fiber
☆172Updated 2 years ago
Alternatives and similar repositories for ReflectiveNtdll:
Users that are interested in ReflectiveNtdll are comparing it to the libraries listed below
- Generic PE loader for fast prototyping evasion techniques☆228Updated 8 months ago
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)☆186Updated last year
- Beacon Object File Loader☆283Updated last year
- ☆133Updated last year
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆118Updated 2 years ago
- The code is a pingback to the Dark Vortex blog:☆174Updated 2 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆132Updated 2 years ago
- BOF combination of KillDefender and Backstab☆166Updated last year
- Do some DLL SideLoading magic☆79Updated last year
- An App Domain Manager Injection DLL PoC on steroids☆167Updated last year
- A PoC implementation for dynamically masking call stacks with timers.☆269Updated 2 years ago
- Patch AMSI and ETW in remote process via direct syscall☆81Updated 2 years ago
- ☆154Updated last year
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader.☆102Updated last year
- CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…☆230Updated 2 years ago
- CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking☆226Updated last year
- A tool for converting SysWhispers3 syscalls for use with Nim projects☆144Updated 2 years ago
- Patch AMSI and ETW☆237Updated 10 months ago
- Stealthier variation of Module Stomping and Module Overloading injection techniques that reduces memory IoCs. Implemented in Python ctype…☆112Updated last year
- WIP shellcode loader in nim with EDR evasion techniques☆209Updated 2 years ago
- Exploitation of process killer drivers☆197Updated last year
- Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2☆291Updated last year
- Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.☆214Updated last year
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆190Updated 9 months ago
- EDRSandblast-GodFault☆257Updated last year
- Bypass LSA protection using the BYODLL technique☆155Updated 5 months ago
- reflectively load and execute PEs locally and remotely bypassing EDR hooks☆151Updated last year
- Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality.☆140Updated 2 years ago
- ☆181Updated last year
- .NET assembly loader with patchless AMSI and ETW bypass☆319Updated last year