├── .github ├── FUNDING.yml ├── ISSUE_TEMPLATE │ ├── bug_report.md │ ├── config.yml │ └── feature_request.md └── dependabot.yml ├── .gitignore ├── LICENSE ├── Makefile ├── README.md ├── assets ├── demo1.png └── demo2.png ├── cmd └── main.go ├── evasion ├── acg.go ├── amsi.go ├── asm_x64.s ├── blockdlls.go ├── consts.go ├── etw.go ├── exports.go ├── gate.go ├── hashing.go ├── hooks.go ├── lsass.go ├── phant0m.go ├── sandbox.go ├── sleep.go ├── syscall.go ├── unhook.go └── utils.go ├── examples ├── README.md ├── api-hashing.go ├── blockdlls.go ├── dump-lssas.go ├── enable-acg-guard.go ├── find-pids.go ├── halos-gate.go ├── sandbox.go ├── shellcode-loader.go └── suspend-event-log.go ├── go.mod ├── go.sum ├── pkg └── hooka │ ├── acg.go │ ├── amsi.go │ ├── auxiliary.go │ ├── blockdlls.go │ ├── dll.go │ ├── etw.go │ ├── gate.go │ ├── hashing.go │ ├── hooks.go │ ├── lsass.go │ ├── phant0m.go │ ├── sandbox.go │ ├── shellcode.go │ ├── sleep.go │ ├── syscall.go │ └── unhook.go ├── shellcode ├── asm_x64.s ├── createprocess.go ├── createremotethread.go ├── enumsystemlocales.go ├── etwpcreateetwthread.go ├── exports.go ├── fibers.go ├── no-rwx.go ├── ntcreatethreadex.go ├── ntqueueapcthreadex.go ├── processhollowing.go ├── queueuserapc.go ├── rtlcreateuserthread.go └── uuidfromstring.go └── utils ├── 3des.go ├── aes.go ├── data.go ├── dll.go ├── hashes.go ├── pe_info.go ├── privs_windows.go ├── rand.go ├── rc4.go ├── shellcode.go └── xor.go /.github/FUNDING.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/.github/FUNDING.yml -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/.github/ISSUE_TEMPLATE/bug_report.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/.github/ISSUE_TEMPLATE/config.yml -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/.github/ISSUE_TEMPLATE/feature_request.md -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/.github/dependabot.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | .vscode 3 | 4 | # compiled binaries 5 | build/ 6 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/README.md -------------------------------------------------------------------------------- /assets/demo1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/assets/demo1.png -------------------------------------------------------------------------------- /assets/demo2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/assets/demo2.png -------------------------------------------------------------------------------- /cmd/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/cmd/main.go -------------------------------------------------------------------------------- /evasion/acg.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/evasion/acg.go -------------------------------------------------------------------------------- /evasion/amsi.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/evasion/amsi.go -------------------------------------------------------------------------------- /evasion/asm_x64.s: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/evasion/asm_x64.s -------------------------------------------------------------------------------- /evasion/blockdlls.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/evasion/blockdlls.go -------------------------------------------------------------------------------- /evasion/consts.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/evasion/consts.go -------------------------------------------------------------------------------- /evasion/etw.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/evasion/etw.go -------------------------------------------------------------------------------- /evasion/exports.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/evasion/exports.go -------------------------------------------------------------------------------- /evasion/gate.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/evasion/gate.go -------------------------------------------------------------------------------- /evasion/hashing.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/evasion/hashing.go -------------------------------------------------------------------------------- /evasion/hooks.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/evasion/hooks.go -------------------------------------------------------------------------------- /evasion/lsass.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/evasion/lsass.go -------------------------------------------------------------------------------- /evasion/phant0m.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/evasion/phant0m.go -------------------------------------------------------------------------------- /evasion/sandbox.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/evasion/sandbox.go -------------------------------------------------------------------------------- /evasion/sleep.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/evasion/sleep.go -------------------------------------------------------------------------------- /evasion/syscall.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/evasion/syscall.go -------------------------------------------------------------------------------- /evasion/unhook.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/evasion/unhook.go -------------------------------------------------------------------------------- /evasion/utils.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/evasion/utils.go -------------------------------------------------------------------------------- /examples/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/examples/README.md -------------------------------------------------------------------------------- /examples/api-hashing.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/examples/api-hashing.go -------------------------------------------------------------------------------- /examples/blockdlls.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/examples/blockdlls.go -------------------------------------------------------------------------------- /examples/dump-lssas.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/examples/dump-lssas.go -------------------------------------------------------------------------------- /examples/enable-acg-guard.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/examples/enable-acg-guard.go -------------------------------------------------------------------------------- /examples/find-pids.go: -------------------------------------------------------------------------------- 1 | package main 2 | -------------------------------------------------------------------------------- /examples/halos-gate.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/examples/halos-gate.go -------------------------------------------------------------------------------- /examples/sandbox.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/examples/sandbox.go -------------------------------------------------------------------------------- /examples/shellcode-loader.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/examples/shellcode-loader.go -------------------------------------------------------------------------------- /examples/suspend-event-log.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/examples/suspend-event-log.go -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/go.sum -------------------------------------------------------------------------------- /pkg/hooka/acg.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/pkg/hooka/acg.go -------------------------------------------------------------------------------- /pkg/hooka/amsi.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/pkg/hooka/amsi.go -------------------------------------------------------------------------------- /pkg/hooka/auxiliary.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/pkg/hooka/auxiliary.go -------------------------------------------------------------------------------- /pkg/hooka/blockdlls.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/pkg/hooka/blockdlls.go -------------------------------------------------------------------------------- /pkg/hooka/dll.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/pkg/hooka/dll.go -------------------------------------------------------------------------------- /pkg/hooka/etw.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/pkg/hooka/etw.go -------------------------------------------------------------------------------- /pkg/hooka/gate.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/pkg/hooka/gate.go -------------------------------------------------------------------------------- /pkg/hooka/hashing.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/pkg/hooka/hashing.go -------------------------------------------------------------------------------- /pkg/hooka/hooks.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/pkg/hooka/hooks.go -------------------------------------------------------------------------------- /pkg/hooka/lsass.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/pkg/hooka/lsass.go -------------------------------------------------------------------------------- /pkg/hooka/phant0m.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/pkg/hooka/phant0m.go -------------------------------------------------------------------------------- /pkg/hooka/sandbox.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/pkg/hooka/sandbox.go -------------------------------------------------------------------------------- /pkg/hooka/shellcode.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/pkg/hooka/shellcode.go -------------------------------------------------------------------------------- /pkg/hooka/sleep.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/pkg/hooka/sleep.go -------------------------------------------------------------------------------- /pkg/hooka/syscall.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/pkg/hooka/syscall.go -------------------------------------------------------------------------------- /pkg/hooka/unhook.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/pkg/hooka/unhook.go -------------------------------------------------------------------------------- /shellcode/asm_x64.s: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/shellcode/asm_x64.s -------------------------------------------------------------------------------- /shellcode/createprocess.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/shellcode/createprocess.go -------------------------------------------------------------------------------- /shellcode/createremotethread.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/shellcode/createremotethread.go -------------------------------------------------------------------------------- /shellcode/enumsystemlocales.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/shellcode/enumsystemlocales.go -------------------------------------------------------------------------------- /shellcode/etwpcreateetwthread.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/shellcode/etwpcreateetwthread.go -------------------------------------------------------------------------------- /shellcode/exports.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/shellcode/exports.go -------------------------------------------------------------------------------- /shellcode/fibers.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/shellcode/fibers.go -------------------------------------------------------------------------------- /shellcode/no-rwx.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/shellcode/no-rwx.go -------------------------------------------------------------------------------- /shellcode/ntcreatethreadex.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/shellcode/ntcreatethreadex.go -------------------------------------------------------------------------------- /shellcode/ntqueueapcthreadex.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/shellcode/ntqueueapcthreadex.go -------------------------------------------------------------------------------- /shellcode/processhollowing.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/shellcode/processhollowing.go -------------------------------------------------------------------------------- /shellcode/queueuserapc.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/shellcode/queueuserapc.go -------------------------------------------------------------------------------- /shellcode/rtlcreateuserthread.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/shellcode/rtlcreateuserthread.go -------------------------------------------------------------------------------- /shellcode/uuidfromstring.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/shellcode/uuidfromstring.go -------------------------------------------------------------------------------- /utils/3des.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/utils/3des.go -------------------------------------------------------------------------------- /utils/aes.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/utils/aes.go -------------------------------------------------------------------------------- /utils/data.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/utils/data.go -------------------------------------------------------------------------------- /utils/dll.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/utils/dll.go -------------------------------------------------------------------------------- /utils/hashes.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/utils/hashes.go -------------------------------------------------------------------------------- /utils/pe_info.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/utils/pe_info.go -------------------------------------------------------------------------------- /utils/privs_windows.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/utils/privs_windows.go -------------------------------------------------------------------------------- /utils/rand.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/utils/rand.go -------------------------------------------------------------------------------- /utils/rc4.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/utils/rc4.go -------------------------------------------------------------------------------- /utils/shellcode.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/utils/shellcode.go -------------------------------------------------------------------------------- /utils/xor.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/D3Ext/Hooka/HEAD/utils/xor.go --------------------------------------------------------------------------------