GitHunt
KL

klotyzzx/Nighthunter

🛡️ NightHunter (OSS) NightHunter. A regular utility for spoofing various debugger programs and so on

csharpcsharp-codeopen-sourceopen-source-projectopen-sources-code-githubprocess-monitorprocess-monitoring-toolssecurity-toolssecurity-toolsetutilityutility-functionwindowswindows-11windows-desktop

# NightHunter v1.1

[![Platform](https://img.shields.io/badge/Platform-Windows\_x64-blue.svg)]()

[![License](https://img.shields.io/badge/License-Research\_Only-red.svg)]()

[![Build](https://img.shields.io/badge/Build-Stable-green.svg)]()

NightHunter is a low-level process management and security auditing framework designed for advanced monitoring of x64 Windows environments. It implements kernel-style manipulation techniques from user-land to ensure maximum operational efficiency.

## Core technologies

### 1. Advanced Stealth Engine

* **PEB Obfuscation**: Direct modification of the Process Environment Block. Rewrites ImagePathName and CommandLine buffers to spoof process identity at the OS level.

* **Direct ASM Syscalls**: Bypasses the Windows API subsystem by executing syscall instructions via custom stubs. This renders user-mode hooks (EDR/AV/AC) ineffective for memory operations.

* **Memory Header Scrubbing**: Implements an MZ-header wipe and intentional corruption of the PE signature in memory to evade reactive memory scanners.

### 2. Sentry Monitoring System

* **Deep Signature Analysis**: Scans beyond process names, analyzing window titles and memory patterns to detect analysis tools even when renamed or obfuscated.

* **Eternal Masking Logic**: Utilizes a high-frequency thread to enforce window title integrity, winning race conditions against monitoring software that attempts to poll window metadata.

## Build

### Prerequisites

* **IDE**: Visual Studio 2022+ or JetBrains Rider.

* **Compiler**: Roslyn (C# 7.3+ support).

* **Environment**: .NET Framework 4.7.2 Runtime.

* **Privileges**: Application must be executed with **Integrity Level: High** (Administrator).

### Compilation

1. Clone the repository.

2. Set build configuration to Release | x64.

3. Enable Allow unsafe code in project properties.

4. Build Solution (Ctrl+Shift+B).

## Technical

* **x64 Only**: The ASM stubs and syscall logic are strictly designed for 64-bit instruction sets. Running on x86 will result in a controlled exception.

* **SeDebugPrivilege**: The framework will attempt to acquire this privilege on startup. If it fails, memory manipulation vectors will be restricted.

## Disclaimer

This software is provided "as is" for research, educational, and authorized security testing purposes only. The author is not responsible for any illegal use, data loss, or system instability caused by this tool. Use in production environments is at your own risk.

Contributors

KL
MIT License
Created January 4, 2026
Updated January 5, 2026