Become a sponsor to d1rk

@SaadAhla

d1rk

SaadAhla
Morocco

Hey, I'm D1rkMtr
Author of CETP Evasion LAB, Love Reverse Eng & Debugging.
You can also find me on:
Twitter
LinkedIn

It would be very motivating

Current sponsors 1

@djalal
Past sponsors 3
@VirtualAlllocEx
@redkeyszn
@fin3ss3g0d

Featured work

  1. SaadAhla/FilelessPELoader

    Loading a remote AES-encrypted PE in memory, decrypting it and running it

    C++ 967
  2. SaadAhla/NTDLLReflection

    Bypass userland EDR hooks by loading reflective ntdll in memory from a remote server based on Windows ReleaseID, to avoid opening a handle to ntdll, and trigger exported APIs from the export table

    C++ 300
  3. SaadAhla/D1rkLdr

    Shellcode loader with indirect dynamic syscall implementation, shellcode in MAC format, API resolving from PEB, syscall call and syscall instruction address resolving at run time

    C++ 314
  4. SaadAhla/Shellcode-Hide

    This repo contains: simple shellcode loader, encoders (base64 - custom - UUID - IPv4 - MAC), encryptors (AES), fileless loader (WinHTTP, socket)

    C++ 422
  5. SaadAhla/UnhookingPatch

    Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime

    C++ 307
  6. SaadAhla/ntdlll-unhooking-collection

    Different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)

    C++ 194

5% towards 20 monthly sponsors goal

djalal sponsors this goal

Select a tier

$15 a month

Thanks

$20 a month

Thanks

$30 a month

Thanks