[Deprecated, work in progress alternative: https://github.com/M2Team/NanaRun] Series of System Administration Tools

Dump lsass using only NTAPI functions by hand-crafting Minidump files (without MiniDumpWriteDump!!!)

Dump lsass using only NTAPI functions creating 3 JSON and 1 ZIP file... and generate the MiniDump file later!

Go shellcode loader that combines multiple evasion techniques

Extract the SAM and SYSTEM hives using the Volume Shadow Copy (VSS) API. With exfiltration and XOR obfuscation options. Implemented in C#, C++, Crystal and Python

Bypass Credential Guard by patching WDigest.dll using only NTAPI functions

Shellcode loader written in C and Assembly utilizing direct or indirect syscalls to evade UM EDR hooks

Some random system tools for Windows

Impersonate Tokens using only NTAPI functions

Windows Rregistry Linking Utility

Vulnerable (on purpose) programs to leak NtReadVirtualMemory address for stealthier API resolution (no GetProcAddress, GetModuleHandle or LoadLibrary in the IAT)

「⚙️」Detect which native Windows API's (NtAPI) are being hooked

Remap ntdll.dll using only NTAPI functions with a suspended process

Windows API (WinAPI) functions and system calls with categories in JSON format, including arguments (SAL notation) and more.

KNSoft.NDK provides native C/C++ definitions and import libraries for Windows NT.

Codes that could trigger BSOD (Blue Screen of Death) on Windows.

💠 Documented and undocumented WinAPI search.

Disclosing information from an AppContainer.

Microsoft Windows user-mode API access with clean Rust types.

Samples that shows how to use API Hook libraries: Detours, Deviare, MHook, EasyHook to hide files with the "+/*.txt" file name pattern.