ntdll-unhooking

There are 0 repository under ntdll-unhooking topic.

inline-syscall
Ravissonce / inline-syscall
Inline syscalls made for MSVC supporting x64 and WOW64
windows microsoft ntdll ntdll-unhooking ssdt ssdt-hook syscall-fuzzer syscall-hook syscall-hooking syscall-table syscalls win32u
Language:C++ 166
reveng007 / ReflectiveNtdll
A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFucntion033 NtApi and No new thread via Fiber
antivirus dropper edr evasion fiber implant malware ntdll-unhooking systemfunction033 process-injection bypass bypass-antivirus
Language:C 161
unkvolism / Fuck-Etw
Bypass the Event Trace Windows(ETW) and unhook ntdll.
etw-evasion evasion malware ntdll-unhooking red-team
Language:C 84
ricardojoserf / SharpNtdllOverwrite
Overwrite ntdll.dll's ".text" section to bypass API hooking. Getting the clean dll from disk, Knowndlls folder, a debugged process or a URL
maldev-academy malware-development ntdll-unhooking edr-evasion
Language:C# 7

Ravissonce / inline-syscall