Evasion
Evasion techniques to defeat and divert detection and prevention by security products (AV/EDR/XDR)
Hellsgate + Halosgate/Tartarosgate. Ensures that all system calls go through ntdll.dll
Get fresh Syscalls from a fresh ntdll.dll copy
RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtC…
Shellcode injection technique. Given as C++ header, standalone Rust program or library.
ntdll.h - compatible with MSVC 6.0, Intel C++ Compiler and MinGW. Serves as a complete replacement for Windows.h
Nim version of MDSec's Parallel Syscall PoC
Patches the Microsoft Linker so that it produces executables without the 'Rich' header
This is a simple tool to remove the "Rich" header from binaries (EXE or DLL files) created by M$ development tools.
A simple program to hook the current process to identify the manual syscall executions on windows
Convert shellcode into ✨ different ✨ formats!
POC of a better implementation of GetProcAddress for ntdll using binary search
A *very* imperfect attempt to correlate Kernel32 function calls to native API (Nt/Zw) counterparts/execution flow.
Piece of code to detect and remove hooks in IAT
An implementation and proof-of-concept of Process Forking.
Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers that can run malware on the victim using the Process Ghosting…
UnhookMe is a universal Windows API resolver & unhooker addressing the problem of invoking unmonitored system calls from within your Red Team's malware
Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction within NTDLL.
Research code & papers from members of vx-underground.