ntapi

There are 0 repository under ntapi topic.

• M2TeamArchived / NSudo

  [Deprecated, work in progress alternative: https://github.com/M2Team/NanaRun] Series of System Administration Tools

  accesscheckadministrationbypassdevilmodeintegritylevellaunchernsudontapiprivilegesprocesssessionsystemtokentrustedinstallerwindows
  Language:C++ 2105

• ricardojoserf / NativeDump

  Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)

  lsasslsass-dumpredteam-toolssecurity-toolsntapintdll-unhooking
  Language:C# 683

• ricardojoserf / TrickDump

  Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!

  lsasslsass-dumpmimikatzredteam-toolssecurity-toolsntapintdll-unhooking
  Language:C# 515
• hades

  f1zm0 / hades

  Go shellcode loader that combines multiple evasion techniques

  av-evasionedr-evasiongolangpentestingred-teamingntapintdllsyscallsevasionadversary-emulationoffensive-security
  Language:Go 385

• ricardojoserf / NativeBypassCredGuard

  Bypass Credential Guard by patching WDigest.dll using only NTAPI functions

  redteam-toolswdigestcredential-guardntapintdll-unhooking
  Language:C++ 258

• voidvxvt / HellBunny

  Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks

  direct-syscallsedr-evasionindirect-syscallsmaldevmalware-developmentmsvcnative-apintapiwindowsiat-camouflagepayload-encryptionprocess-injectionedr-bypassapi-hashingdlldll-sideloadingshellcode-injectionshellcode-loader
  Language:C 129

• diversenok / NtTools

  Some random system tools for Windows

  windowswinapintapisystemwindows-internals
  Language:Pascal 114

• ricardojoserf / NativeTokenImpersonate

  Impersonate Tokens using only NTAPI functions

  edr-evasionmalware-developmentntapiredteam-toolstoken-impersonation
  Language:C++ 80

• tenox7 / regln

  Windows Rregistry Linking Utility

  windowsregistrylinkhiveregeditntapinative
  Language:C 51

• ricardojoserf / MemorySnitcher

  Vulnerable (on purpose) programs to leak NtReadVirtualMemory address for stealthier API resolution (no GetProcAddress, GetModuleHandle or LoadLibrary in the IAT)

  malwaremalware-developmentmalware-researchntapintreadvirtualmemoryred-team
  Language:C++ 39

• brosck / APIHookingDetector

  「⚙️」Detect which native Windows API's (NtAPI) are being hooked

  apidetectdetectorextractextractorhookingnativenative-apintntapiwindows
  Language:C++ 38

• ricardojoserf / NativeNtdllRemap

  Remap ntdll.dll using only NTAPI functions with a suspended process

  edr-evasionmalware-developmentntapintdll-unhookingredteam-tools
  Language:C++ 26

• reverseame / winapi-categories

  Windows API (WinAPI) functions and system calls with categories in JSON format, including arguments (SAL notation) and more.

  native-apintapisyscallssystem-callswinapiwindowswindows-functionswindows-syscallswindows-api
  Language:Python 21
• NotMe-BSOD

  lzcapp / NotMe-BSOD

  Codes that could trigger BSOD (Blue Screen of Death) on Windows.

  bluescreenbsodntapisecuritysecurity-auditwinapiwindows
  Language:C 19

• KNSoft / KNSoft.NDK

  KNSoft.NDK provides native C/C++ definitions and import libraries for Windows NT.

  ntdllsdk-windowswindowsntapireverse-engineeringwindowsinternals
  Language:C 18

• diversenok / Things-AppContainer-Knows

  Disclosing information from an AppContainer.

  windowsntapiappcontainer
  Language:Pascal 16

• MauriceKayser / rs-winapi2

  Microsoft Windows user-mode API access with clean Rust types.

  ffintntapirustrust-langsyscallsysenterwin32winapiwindows
  Language:Rust 15

• apriorit / APIHookingLibraries

  Samples that shows how to use API Hook libraries: Detours, Deviare, MHook, EasyHook to hide files with the "+/*.txt" file name pattern.

  apiapi-hookinghookntapiwinapiwindows
  Language:C++ 11

• Print3M / malware-dev

  Windows malware development C/C++ snippets.

  malwaremalware-developmentntapiwinapiwindows
  Language:C 11

• baysec-eu / winapi-search

  💠 Documented and undocumented WinAPI search.

  dllfunctionssymbolswinapiwindowsntapintdllntoskrnlwin32syscallswindows-api
  Language:TypeScript 8

• dz333n / ReactOS-Kernel

  Win32less fork of ReactOS (only kernel and NT programs)

  reactosntapiwindows-ntntdllwindowswinapi
  Language:C 7

• vertver / WindowsHacks

  Windows Hacks by Windows Programmer

  windowswindows-10windows-desktopwindows-appwin32winapintapireverse-engineeringlow-level
  Language:C++ 7

• arimaqz / winapi-obfuscator

  obfuscate WINAPI/NTAPI calls easily.

  hackingmalwarentapiredteamingwinapimalware-deve
  Language:Python 6

• marv2097 / gontapi

  A golang wrapper for Napatech's API - Allows packet capture directly into go applications with the use of NTPL filters.

  napatechntapintpl
  Language:Go 2

• 0xvpr / anti-debugging-mingw-x64

  x64 rewrite of GuidedHacking's Anti-debugging techniques on a (bad looking) Win32 application.

  anti-cheatanti-debuganti-debugginganticheatexcersiseheavens-gatehells-gatekernelmingw-w64ntapipracticereverse-engineeringtutorial
  Language:C++ 1

• 0xvpr / offensive-kernel-mode-c

  A dedicated repository for exploring offensive kernel-mode techniques.

  hackingmalware-researchntapioffensive-securitywindowswindows-kernel
  Language:C 1

• kinobau / kernel-driver-scanner

  C++ Usermode Windows Driver Scanner To Enumerate Loaded Kernel Modules And Driver Objects, Flagging, Suspicious or manually mapped drivers.

  driverkernelkerneldrivermanualmapmanualmappingntquerysysteminformationdriverscannerntapiwindows-internals
  Language:C++ 1

• kinobau / HandleScanner

  A simple C# Application to check for all active handles to a specified process using NtQuerySystemInformation

  ntquerysysteminformationprocesseshandlescanneranticheatntapiwindows-internals
  Language:C# 0

• spacetritonn / pwrsign

  Send power state transition signal with Windows undocumented Native API

  acpintapiwin32
  Language:C