Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
-
Updated
Dec 17, 2024 - C#
Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
Inline syscalls made for MSVC supporting x64 and WOW64
A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFucntion033 NtApi and No new thread via Fiber
Bypass the Event Trace Windows(ETW) and unhook ntdll.
Unhook Ntdll.dll, Go & C++.
Overwrite ntdll.dll's ".text" section to bypass API hooking. Getting the clean dll from disk, Knowndlls folder, a debugged process or a URL
Overwrite ntdll.dll's ".text" section to bypass API hooking. Getting the clean dll from disk, Knowndlls folder or a debugged process
Overwrite ntdll.dll's ".text" section to bypass API hooking. Getting the clean dll from disk, Knowndlls folder or a debugged process
The project consists of a service that utilizes advanced techniques to inject a Payload into its own process, specifically the Windows RuntimeBroker.exe
Add a description, image, and links to the ntdll-unhooking topic page so that developers can more easily learn about it.
To associate your repository with the ntdll-unhooking topic, visit your repo's landing page and select "manage topics."