Search Results - RepositoryStats

NativeDump ricardojoserf

81

560

unknown

7

Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)

lsass ntapi lsass-dump redteam-tools security-tools ntdll-unhooking

Created 2024-02-22

31 commits to main branch, last one about a month ago

TrickDump ricardojoserf

46

410

unknown

1

Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!

lsass ntapi mimikatz lsass-dump redteam-tools security-tools ntdll-unhooking

Created 2024-06-24

53 commits to main branch, last one about a month ago

NativeBypassCredGuard ricardojoserf

23

214

unknown

3

Bypass Credential Guard by patching WDigest.dll using only NTAPI functions

ntapi wdigest redteam-tools ntdll-unhooking credential-guard

Created 2024-12-01

20 commits to main branch, last one about a month ago

inline-syscall nbs32k

30

177

unknown

6

Inline syscalls made for MSVC supporting x64 and WOW64

ssdt ntdll win32u windows syscalls microsoft ssdt-hook syscall-hook syscall-table syscall-fuzzer ntdll-unhooking syscall-hooking

Created 2023-04-03

13 commits to master branch, last one about a year ago

ReflectiveNtdll reveng007

23

169

mit

4

A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFuc...

edr fiber bypass dropper evasion implant malware antivirus ntdll-unhooking bypass-antivirus process-injection systemfunction033

Created 2023-01-30

20 commits to main branch, last one about a year ago

Fuck-Etw unkvolism

13

102

unknown

1

Bypass the Event Trace Windows(ETW) and unhook ntdll.

evasion malware red-team etw-evasion ntdll-unhooking

Created 2023-09-25

6 commits to main branch, last one about a year ago