NTDLLReflection

NTDLLReflection

297 Stars

Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll , and trigger exported APIs from the export table

SaadAhla
Red-team
Jul 22, 2025
297 stars
View on GitHub
Share on:
X LinkedIn Facebook WhatsApp Telegram Reddit Email
Category
Red-team
GitHub Stars
297
Project Added On
Jul 22, 2025
Contributors
1

README.md

View on GitHub

NTDLLReflection

Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll , and trigger exported APIs from the export table

image

image

Tool Information

Author

SaadAhla

Project Added On

July 22, 2025

License

Open Source

Tags

security tool
View on GitHub

Related Tools

kernel-exploit-factory

kernel-exploit-factory

Linux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore.

Stable
NovaHypervisor

NovaHypervisor

NovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks (either via Bring Your Own Vulnerable Driver (BYOVD) or other means) by safeguarding defense products (AntiVirus / Endpoint Protection) and kernel memory structures and preventing unauthorized access to kernel memory.

Stable
View more Red-team tools