  • Stars: 205
  • Rank: 185,238 (Top 4 %)
  • Language: C
  • Created over 1 year ago
  • Updated about 1 year ago


Repository Details

Dont Call Me Back - Dynamic kernel callback resolver. Scan the kernel callbacks in your system in a matter of seconds!

DCMB - Dont Call Me Back

"I really want to remove AC/AV/EDR's kernel callback, but I don't like working with offsets and/or signatures." Well, not anymore! DCMB will help you find those callbacks dynamically. DCMB's objective is to locate the kernel callback lists/arrays without relying on signatures or hard-coded offsets, across multiple Windows versions. This project is not intended to be integrated into your own project; instead, you should study the logic used here. Contributions and bug reports are really appreciated!

Supported Callbacks

  • Process Creation Callback (returns the PspCreateProcessNotifyRoutine array address)
  • Thread Creation Callback (returns the PspCreateThreadNotifyRoutine array address)
  • Image Load Callback (returns the PspLoadImageNotifyRoutine array address)
  • Registry RW Callback (returns the CallbackListHead doubly linked list address)
  • Object Creation Callback (both Process and Thread objects) (returns the CallbackList linked list address of PsProcessType and PsThreadType)
  • Driver/Image Verification Callback (returns the ExCbSeImageVerificationDriverInfo callback object address)

Usage

Compile it, enable test signing mode, load the driver, and view the results in DebugView.

More Repositories

  1. SharpUnhooker - C# based universal API unhooker (C#, 380 stars)
  2. MeterPwrShell - Automated tool that generates the perfect Meterpreter PowerShell payload (219 stars)
  3. BetterXencrypt - A better version of Xencrypt. Xencrypt itself is a PowerShell runtime crypter designed to evade AVs. (PowerShell, 207 stars)
  4. KPDB - Windows PDB parser for kernel-mode environments (C, 83 stars)
  5. TripleS - Extracting syscall stubs, modernized (C#, 60 stars)
  6. SharpHalos - My implementation of the Halo's Gate technique in C# (C#, 50 stars)
  7. SharpLoadLibrary - An attempt to make a LoadLibrary designed for offensive operations, in C# obviously (C#, 50 stars)
  8. HalosUnhooker - Halo's Gate-based NTAPI unhooker (C#, 47 stars)
  9. SyscallShuffler - Your NTDLL vaccine against modern direct syscall methods (C#, 34 stars)
  10. ReversePowernoid - Reverse TCP PowerShell has never been this paranoid (basically an OPSEC-safe reverse PowerShell) (C#, 32 stars)
  11. JALSI - Just Another Lame Shellcode Injector (C#, 32 stars)
  12. Breaking-Detecting-Direct-Syscall-Techniques - A repository filled with ideas to break/detect direct syscall techniques (26 stars)
  13. SysGate - One gate to all syscalls! (C#, 23 stars)
  14. NiceTryDLL - Nice try reading NTDLL from disk, nerd. (C#, 19 stars)
  15. LocalAMSI.Fail - A port of AMSI.fail; I modified the code to make it C# 5 compatible so it can be executed on Windows 10 without installing any extra requirements. AMSI.fail itself generates obfuscated PowerShell snippets that break or disable AMSI for the current process. (PHP, 11 stars)
  16. sementara - Some random shits for random things (PowerShell, 5 stars)
  17. Ultrac1ph3r - Do you want to encode your text string with multiple ciphers? Then you're in the right place! (5 stars)
  18. GetRektBoy724 (1 star)