An open API service providing repository metadata for many open source software ecosystems.

GitHub topics: ntdll-unhooking

dk0m/CraftUnhook

Unhooking NTDLL Without Reading It From Disk.

Language: C++ - Size: 18.6 KB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 3 - Forks: 1

EvilBytecode/Ntdll-Unhook

Unhook Ntdll.dll, Go & C++.

Language: C++ - Size: 8.79 KB - Last synced at: 5 days ago - Pushed at: about 1 month ago - Stars: 22 - Forks: 3

ricardojoserf/TrickDump

Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!

Language: C# - Size: 615 KB - Last synced at: 15 days ago - Pushed at: 15 days ago - Stars: 452 - Forks: 51

ricardojoserf/NativeDump

Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)

Language: C# - Size: 319 KB - Last synced at: 19 days ago - Pushed at: 19 days ago - Stars: 588 - Forks: 87

ricardojoserf/NativeNtdllRemap

Remap ntdll.dll using only NTAPI functions with a suspended process

Language: C++ - Size: 35.2 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 18 - Forks: 3

reveng007/ReflectiveNtdll

A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFunction033 NtApi and No new thread via Fiber

Language: C - Size: 23.3 MB - Last synced at: 20 days ago - Pushed at: over 2 years ago - Stars: 170 - Forks: 24

ricardojoserf/NativeBypassCredGuard

Bypass Credential Guard by patching WDigest.dll using only NTAPI functions

Language: C++ - Size: 161 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 234 - Forks: 28

ricardojoserf/goNtdllOverwrite

Overwrite ntdll.dll's ".text" section to bypass API hooking. Getting the clean dll from disk, Knowndlls folder or a debugged process

Language: Go - Size: 12.7 KB - Last synced at: 8 months ago - Pushed at: 11 months ago - Stars: 3 - Forks: 2

ricardojoserf/pyNtdllOverwrite

Overwrite ntdll.dll's ".text" section to bypass API hooking. Getting the clean dll from disk, Knowndlls folder or a debugged process

Language: Python - Size: 10.7 KB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 0 - Forks: 0

ricardojoserf/SharpNtdllOverwrite

Overwrite ntdll.dll's ".text" section to bypass API hooking. Getting the clean dll from disk, Knowndlls folder, a debugged process or a URL

Language: C# - Size: 30.3 KB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 6 - Forks: 2

nbs32k/inline-syscall

Inline syscalls made for MSVC supporting x64 and WOW64

Language: C++ - Size: 40 KB - Last synced at: about 1 year ago - Pushed at: almost 2 years ago - Stars: 168 - Forks: 30

unkvolism/Fuck-Etw

Bypass Event Tracing for Windows (ETW) and unhook ntdll.

Language: C - Size: 17.6 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 59 - Forks: 8