reveng007 / ReflectiveNtdll

A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFucntion033 NtApi and No new thread via Fiber

Date Created 2023-01-30 (2 years ago)

Commits 20 (last one about a year ago)

Stargazers 169 (0 this week)

Watchers 4 (0 this week)

Forks 23

License mit

Ranking

RepositoryStats indexes 609,829 repositories, of these reveng007/ReflectiveNtdll is ranked #207,438 (66th percentile) for total stargazers, and #379,918 for total watchers. Github reports the primary language for this repository as C, for repositories using this language it is ranked #8,552/22,653.

reveng007/ReflectiveNtdll is also tagged with popular topics, for these it's ranked: malware (#261/605), bypass (#101/238), antivirus (#49/112)

All Topics

edr fiber bypass dropper evasion implant malware antivirus ntdll-unhooking bypass-antivirus process-injection systemfunction033

Star History

Github stargazers over time

Watcher History

Github watchers over time, collection started in '23

Recent Commit History

20 commits on the default branch (main) since jan '22

Yearly Commits

Commits to the default branch (main) per year

Issue History

No issues have been posted

Languages

The primary language is C but there's also others...

updated: 2025-01-16 @ 04:46pm, id: 595028107 / R_kgDOI3doiw