ntdll-unhooking

Here are 3 public repositories matching this topic...

reveng007 / ReflectiveNtdll

A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFucntion033 NtApi and No new thread via Fiber

malware antivirus evasion bypass fiber dropper bypass-antivirus edr implant process-injection ntdll-unhooking systemfunction033

Updated Feb 10, 2023
C

unkvolism / Fuck-Etw

Star

Bypass the Event Trace Windows(ETW) and unhook ntdll.

malware evasion red-team etw-evasion ntdll-unhooking

Updated Sep 29, 2023
C

victorTrofelli / Malicious-Service-With-Ntdll

Star

The project consists of a service that utilizes advanced techniques to inject a Payload into its own process, specifically the Windows RuntimeBroker.exe

c windows system service assembly x64 malware windows-service malware-research malware-development anti-debugging ntdll earlybird anti-debugger ppid-spoofing syswhisper ntdll-unhooking dllblockpolicy

Updated Jul 3, 2024
C

Improve this page

Add a description, image, and links to the ntdll-unhooking topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the ntdll-unhooking topic, visit your repo's landing page and select "manage topics."

Learn more

Provide feedback

Saved searches

Use saved searches to filter your results more quickly