0xcf80/ShellCodeLoader_Indirect_Syscalls

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/0xcf80/ShellCodeLoader_Indirect_Syscalls)

0xcf80 / ShellCodeLoader_Indirect_Syscalls

Shellcode Loader using indirect syscalls

☆16

Alternatives and similar repositories for ShellCodeLoader_Indirect_Syscalls

Users that are interested in ShellCodeLoader_Indirect_Syscalls are comparing it to the libraries listed below

Sorting:

200ug / airborne
View on GitHub
Shellcode reflective DLL injection in Rust
☆27Dec 26, 2025Updated 2 months ago
RedSiege / Jigsaw
View on GitHub
Hide shellcode by shuffling bytes into a random array and reconstruct at runtime
☆203Mar 26, 2025Updated 11 months ago
MpCmdRun / uac-bypass
View on GitHub
ATL.dll and WmiMgmt.msc UAC Bypass
☆12Apr 26, 2025Updated 10 months ago
amberchalia / fraction_loader
View on GitHub
☆48Oct 14, 2025Updated 4 months ago
The-Viper-One / RedTeam-Pentest-Tools
View on GitHub
☆17Jan 12, 2026Updated last month
mochabyte0x / TrampoLatte
View on GitHub
A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow
☆18Jun 26, 2025Updated 8 months ago
rasta-mouse / LibGate
View on GitHub
A Crystal Palace shared library to resolve & perform syscalls
☆56Oct 29, 2025Updated 3 months ago
NVISOsecurity / cs2br-bof
View on GitHub
Run Cobalt Strike BOFs in Brute Ratel C4!
☆86Apr 15, 2025Updated 10 months ago
naksyn / Embedder
View on GitHub
Embedder is a collection of sources in different languages to embed Python interpreter with minimal dependencies
☆122May 29, 2024Updated last year
hwbp / LazyHook
View on GitHub
Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks, patchless hooking library IAT/EAT.
☆129Dec 8, 2025Updated 2 months ago
Fudgedotdotdot / nimpersonate
View on GitHub
Impersonate Windows tokens in Nim
☆23Aug 4, 2025Updated 6 months ago
paranoidninja / PI-Tracker
View on GitHub
A tracker DLL which enables 'NTAPI->Syscall' tracking whenever it is loaded. It calls 'NtSetInformationProcess' API call with a callback …
☆14Oct 21, 2024Updated last year
yamakadi / ldr
View on GitHub
A work in progress BOF/COFF loader in Rust
☆50Mar 22, 2023Updated 2 years ago
MaorSabag / Adaptix-StealthPalace
View on GitHub
Crystal Palace RDLL loader for Adaptix C2 with Ekko sleep obfuscation, IAT hooking via PICO, and per-section permission restoration
☆65Updated this week
IceCubeSandwich / chronix
View on GitHub
A self-hosted, real-time collaborative workspace for offensive security assessments.
☆41Feb 20, 2026Updated last week
CognisysGroup / HadesLdr
View on GitHub
Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
☆293Jul 15, 2023Updated 2 years ago
rxOred / process-hollowing
View on GitHub
process hollowing variant using NtCreateSection + NtMapViewOfSection + ResumeThread
☆31Jan 9, 2022Updated 4 years ago
Octoberfest7 / Proxy_Egress_Persistence
View on GitHub
A post-exploitation strategy for persistence and egress from networks utilizing authenticated web proxies
☆34Sep 15, 2022Updated 3 years ago
joaoviictorti / rustbof
View on GitHub
A Rust template for writing Beacon Object Files (BOFs)
☆100Feb 11, 2026Updated 2 weeks ago
dmcxblue / SharpHIBP
View on GitHub
A C# Tool to gather information about email breaches
☆16Dec 21, 2023Updated 2 years ago
MaorSabag / fileSearcher
View on GitHub
A simple BOF (Beacon Object File) to search files in the system
☆15Dec 2, 2023Updated 2 years ago
cybernomad1 / NimJection
View on GitHub
Nim Shellcode Injector
☆15Jan 24, 2021Updated 5 years ago
S3cur3Th1sSh1t / nim-strenc
View on GitHub
string encryption in Nim
☆20Jun 15, 2024Updated last year
vysecurity / PacketParser
View on GitHub
A cap/pcap packet parser to make life easier when performing stealth/passive reconnaissance.
☆22Jul 17, 2024Updated last year
dobin / defender2yara
View on GitHub
Convert Microsoft Defender Antivirus Signatures (VDM) into a SQL DB
☆24Jun 27, 2025Updated 8 months ago
rasta-mouse / SpawnWith
View on GitHub
☆109Feb 17, 2025Updated last year
winterknife / EVENSTAR
View on GitHub
Intel 64/Windows low-level experiments
☆63Aug 25, 2025Updated 6 months ago
backdoorskid / ClrAmsiScanPatcher
View on GitHub
Patches the AmsiScan function in clr.dll allowing for unrestricted assembly loading in .NET
☆50May 5, 2025Updated 9 months ago
hlldz / misc
View on GitHub
miscellaneous codes
☆36Sep 24, 2023Updated 2 years ago
Teach2Breach / NtCreateUserProcess_rs
View on GitHub
example using NtCreateUserProcess in rust
☆19Jan 20, 2025Updated last year
Meckazin / HidingFromETW
View on GitHub
PoC for detecting and evading ETW detection of .Net Assembly.Load
☆21Aug 26, 2020Updated 5 years ago
TwoSevenOneT / Windows-Defender-Manager
View on GitHub
Windows Defender Manager is a tool that helps stop Windows Defender. It works with the Antimalware Service Executable of all versions of …
☆43Jan 18, 2025Updated last year
xRedCodex / BofArsenal
View on GitHub
The most extensive collection of BOFs (Beacon Object Files) tailored for Red Teams using C++23
☆23Jun 19, 2025Updated 8 months ago
ANYLNK / STProcessMonitorBYOVD
View on GitHub
The PoC for CVE-2025-70795 / CVE-2026-0828 and its update
☆37Feb 16, 2026Updated last week
ricardojoserf / NativeTokenImpersonate
View on GitHub
Impersonate Tokens using only NTAPI functions
☆84Apr 4, 2025Updated 10 months ago
nullenc0de / trust-validator
View on GitHub
Validates priv escalation of AD trusts
☆48Apr 1, 2025Updated 10 months ago
cbrnrd / maliketh
View on GitHub
🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python
☆45Feb 6, 2026Updated 3 weeks ago
ewby / Mockingjay_BOF
View on GitHub
Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
☆158Nov 7, 2023Updated 2 years ago
JeanBonBeurre34 / cc-agent
View on GitHub
☆28Feb 11, 2026Updated 2 weeks ago