Results for "ntapi"

Claude Code Claude Desktop GitHub Copilot Cursor Windsurf Cline Zed JetBrains

📄SKILL.md 🤖CLAUDE.md ⚡Claude Commands 📐.cursorrules 📐Cursor Rules 🕹️AGENTS.md 🧬codex.md 🏄.windsurfrules 🔧.clinerules 🧑‍✈️Copilot Instructions

All Development Operations Data Product Marketing Customer Design Sales

56 skills found · Page 1 of 2

M2TeamArchived / NSudo

2.2k

[Deprecated, work in progress alternative: https://github.com/M2Team/NanaRun] Series of System Administration Tools

universal

accesscheckadministrationbypass+12

Updated 14h ago

ricardojoserf / NativeDump

702

Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)

universal

lsasslsass-dumpntapi+3

Updated 15h ago

ricardojoserf / TrickDump

541

Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!

universal

lsasslsass-dumpmimikatz+4

Updated 17d ago

f1zm0 / Hades

388

Go shellcode loader that combines multiple evasion techniques

universal

adversary-emulationav-evasionedr-evasion+8

Updated 13d ago

safedv / RustiveDump

385

LSASS memory dumper using only NTAPIs, creating a minimal minidump. It can be compiled as shellcode (PIC), supports XOR encryption, and remote file transmission.

universal

lsass-dumpoffensive-securityposition-independent-code+2

Updated 16d ago

safedv / RustPotato

358

A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTAPI for various operations.

universal

offensive-securityprivilege-escalationred-team

Updated 8d ago

ricardojoserf / SAMDump

344

Extract the SAM and SYSTEM hives using the Volume Shadow Copy (VSS) API. With exfiltration and XOR obfuscation options. Implemented in C#, C++, Crystal and Python

universal

malware-developmentntapired-team+4

Updated 2d ago

ricardojoserf / NativeBypassCredGuard

268

Bypass Credential Guard by patching WDigest.dll using only NTAPI functions

universal

credential-guardntapintdll-unhooking+2

Updated 17d ago

safedv / RustSoliloquy

191

A Rust implementation of Internal-Monologue — retrieving NetNTLM hashes without touching LSASS, leveraging SSPI for NTLM negotiation and indirect NTAPIs for core operations.

universal

ntlm-hashoffensive-securityred-team+1

Updated 1mo ago

reveng007 / ReflectiveNtdll

180

A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFucntion033 NtApi and No new thread via Fiber

universal

antivirusbypassbypass-antivirus+9

Updated 1mo ago

voidvxvi / HellBunny

139

Shellcode loader written in C and Assembly utilizing direct or indirect syscalls to evade UM EDR hooks

universal

api-hashingdirect-syscallsdll+15

Updated 24d ago

MSxDOS / Ntapi

125

Rust FFI bindings for Native API

universal

Updated 4d ago

diversenok / NtTools

115

Some random system tools for Windows

universal

ntapisystemwinapi+2

Updated 1mo ago

ricardojoserf / NativeTokenImpersonate

Impersonate Tokens using only NTAPI functions

universal

edr-evasionmalware-developmentntapi+2

Updated 1mo ago

Faran-17 / Hellshazzard

Indirect Syscall implementation to bypass userland NTAPIs hooking.

universal

Updated 7d ago

Fyyre / Directntapi

DirectNtApi - simple method to make ntapi function call without importing or walking export table. Work under Windows 7, 8 and 10

universal

Updated 10mo ago

GetRektBoy724 / HalosUnhooker

Halos Gate-based NTAPI Unhooker

universal

Updated 4mo ago

tenox7 / Regln

Windows Rregistry Linking Utility

universal

hivelinknative+4

Updated 2mo ago

ricardojoserf / MemorySnitcher

Vulnerable (on purpose) programs to leak NtReadVirtualMemory address for stealthier API resolution (no GetProcAddress, GetModuleHandle or LoadLibrary in the IAT)

universal

malwaremalware-developmentmalware-research+3

Updated 16d ago

jaytiwari05 / Shellcoderunner

A simple research-focused AES-based shellcode loader demonstrating in-memory execution and NTAPI techniques to help understand how custom loaders can bypass Windows Defender–based detection.

universal

Updated 3d ago