Implant drop-in for EDR testing

Windows user-land hooks manipulation tool.

Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"

Reduce Dynamic Analysis Detection Rates With Built-In Unhooker, Anti Analysis Techniques, And String Obfuscator Modules.

Unhook DLL via cleaning the DLL 's .text section

Go offensive-security research library — 15+ injection methods, AMSI/ETW/ntdll-unhook evasion, sleep mask (Ekko × XOR/RC4/AES), call-stack spoof, BYOVD (RTCore64) + kernel callback removal, LSASS dump + pure-Go MSV1_0 parser w/ PPL bypass, recon (sandbox/VM/debugger/dllhijack), PE ops (sRDI/BOF/CLR), Meterpreter C2, UAC bypass, CVE-2024-30088 LPE.

AV (BitDefender) function un-hook in C

Bypassing all EDR hooks while maintaining the cleanest callstack of all time with proxy calls and an exception handler.

Full IAT unhooking of all ntdll functions called from kernel32

This project demonstrates simply a ssdt unhooking technique via NtLoadDriver routine in Windows 11 X64.