ntapi
There are 28 repositories under ntapi topic.
M2TeamArchived/NSudo
[Deprecated, work in progress alternative: https://github.com/M2Team/NanaRun] Series of System Administration Tools
ricardojoserf/NativeDump
Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)
ricardojoserf/TrickDump
Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!
f1zm0/hades
Go shellcode loader that combines multiple evasion techniques
ricardojoserf/NativeBypassCredGuard
Bypass Credential Guard by patching WDigest.dll using only NTAPI functions
voidvxvt/HellBunny
Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks
diversenok/NtTools
Some random system tools for Windows
ricardojoserf/NativeTokenImpersonate
Impersonate Tokens using only NTAPI functions
tenox7/regln
Windows Rregistry Linking Utility
ricardojoserf/MemorySnitcher
Vulnerable (on purpose) programs to leak NtReadVirtualMemory address for stealthier API resolution (no GetProcAddress, GetModuleHandle or LoadLibrary in the IAT)
brosck/APIHookingDetector
「⚙️」Detect which native Windows API's (NtAPI) are being hooked
ricardojoserf/NativeNtdllRemap
Remap ntdll.dll using only NTAPI functions with a suspended process
lzcapp/NotMe-BSOD
Codes that could trigger BSOD (Blue Screen of Death) on Windows.
reverseame/winapi-categories
Windows API (WinAPI) functions and system calls with categories in JSON format, including arguments (SAL notation) and more.
KNSoft/KNSoft.NDK
KNSoft.NDK provides native C/C++ definitions and import libraries for Windows NT.
diversenok/Things-AppContainer-Knows
Disclosing information from an AppContainer.
MauriceKayser/rs-winapi2
Microsoft Windows user-mode API access with clean Rust types.
apriorit/APIHookingLibraries
Samples that shows how to use API Hook libraries: Detours, Deviare, MHook, EasyHook to hide files with the "+/*.txt" file name pattern.
Print3M/malware-dev
Windows malware development C/C++ snippets.
baysec-eu/winapi-search
💠 Documented and undocumented WinAPI search.
dz333n/ReactOS-Kernel
Win32less fork of ReactOS (only kernel and NT programs)
vertver/WindowsHacks
Windows Hacks by Windows Programmer
arimaqz/winapi-obfuscator
obfuscate WINAPI/NTAPI calls easily.
marv2097/gontapi
A golang wrapper for Napatech's API - Allows packet capture directly into go applications with the use of NTPL filters.
0xvpr/anti-debugging-mingw-x64
x64 rewrite of GuidedHacking's Anti-debugging techniques on a (bad looking) Win32 application.
0xvpr/offensive-kernel-mode-c
A dedicated repository for exploring offensive kernel-mode techniques.
kinobau/kernel-driver-scanner
C++ Usermode Windows Driver Scanner To Enumerate Loaded Kernel Modules And Driver Objects, Flagging, Suspicious or manually mapped drivers.
kinobau/HandleScanner
A simple C# Application to check for all active handles to a specified process using NtQuerySystemInformation