goNtdllOverwrite - API Unhooking in Golang
Overwrite ntdll.dll’s “.text” section using a clean version of the DLL using Golang.
pyNtdllOverwrite - API Unhooking in Python
Overwrite ntdll.dll’s “.text” section using a clean version of the DLL using Python.
Dumping lsass using only NTAPIs by hand-crafting Minidump files
NativeDump allows to dump the lsass process using only NTAPIs generating a Minidump file with only the streams needed to be parsed by tools like Mimikatz or Pypykatz (SystemInfo, ModuleList and Memory64List Streams).
Dumping Jenkins credentials
A very dumb way to access Jenkins protected credentials which I have not found documented anywhere.
C# implementation of GetModuleHandle for remote processes
GetModuleHandle implementation for remote processes in C# using only NTAPIs: NtQueryInformationProcess, NtReadVirtualMemory and NtOpenProcess.
p-invoke.net - Website with P/Invoke definitions
This website contains most of the P/Invoke definitions from the now offline pinvoke.net, adding the link to the Microsoft documentation for each one.
MinidumpParser
C# program to parse Microsoft Minidump files.