"topic:ntapi" — Search

31 results for “topic:ntapi”

[Deprecated, work in progress alternative: https://github.com/M2Team/NanaRun] Series of System Administration Tools

accesscheckadministrationbypassdevilmodeintegritylevellaunchernsudontapiprivilegesprocesssessionsystemtokentrustedinstallerwindows

ricardojoserf/NativeDump

Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)

C#70196Updated 2 weeks ago

lsasslsass-dumpntapintdll-unhookingredteam-toolssecurity-tools

ricardojoserf/TrickDump

Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!

C#54156Updated 3 days ago

lsasslsass-dumpmimikatzntapintdll-unhookingredteam-toolssecurity-tools

f1zm0/hades

Go shellcode loader that combines multiple evasion techniques

Go38947Updated 2 weeks ago

adversary-emulationav-evasionedr-evasionevasiongolangntapintdlloffensive-securitypentestingred-teamingsyscalls

ricardojoserf/SAMDump

Extract the SAM and SYSTEM hives using the Volume Shadow Copy (VSS) API. With exfiltration and XOR obfuscation options. Implemented in C#, C++, Crystal and Python

C#34244Updated 6 hours ago

malware-developmentntapired-teamred-team-toolsredteamredteam-toolssecurity-tools

ricardojoserf/NativeBypassCredGuard

Bypass Credential Guard by patching WDigest.dll using only NTAPI functions

C++26832Updated 3 days ago

credential-guardntapintdll-unhookingredteam-toolswdigest

voidvxvi/HellBunny

Shellcode loader written in C and Assembly utilizing direct or indirect syscalls to evade UM EDR hooks

C13926Updated 1 week ago

api-hashingdirect-syscallsdlldll-sideloadingedr-bypassedr-evasioniat-camouflageindirect-syscallsmaldevmalware-developmentmsvcnative-apintapipayload-encryptionprocess-injectionshellcode-injectionshellcode-loaderwindows

diversenok/NtTools

Some random system tools for Windows

Pascal11525Updated 4 weeks ago

ntapisystemwinapiwindowswindows-internals

ricardojoserf/NativeTokenImpersonate

Impersonate Tokens using only NTAPI functions

C++8421Updated 2 weeks ago

edr-evasionmalware-developmentntapiredteam-toolstoken-impersonation

tenox7/regln

Windows Rregistry Linking Utility

C5113Updated 2 months ago

hivelinknativentapiregeditregistrywindows

ricardojoserf/MemorySnitcher

Vulnerable (on purpose) programs to leak NtReadVirtualMemory address for stealthier API resolution (no GetProcAddress, GetModuleHandle or LoadLibrary in the IAT)

C++426Updated 2 days ago

malwaremalware-developmentmalware-researchntapintreadvirtualmemoryred-team

brosck/APIHookingDetector

「⚙️」Detect which native Windows API's (NtAPI) are being hooked

C++399Updated 2 months ago

apidetectdetectorextractextractorhookingnativenative-apintntapiwindows

ricardojoserf/NativeNtdllRemap

Remap ntdll.dll using only NTAPI functions with a suspended process

C++285Updated 5 days ago

edr-evasionmalware-developmentntapintdll-unhookingredteam-tools

reverseame/winapi-categories

Windows API (WinAPI) functions and system calls with categories in JSON format, including arguments (SAL notation) and more.