Obfuscating function calls using Vectored Exception Handlers by redirecting execution through exception-based control flow. Uses byte swapping without memory or assembly allocation.
☆115Oct 30, 2025Updated 3 months ago
Alternatives and similar repositories for Ebyte-Syscalls
Users that are interested in Ebyte-Syscalls are comparing it to the libraries listed below
Sorting:
- Obex – Blocking unwanted DLLs in user mode☆281Sep 18, 2025Updated 5 months ago
- Crystal Palace library for proxying Nt API calls via the Threadpool☆99Oct 18, 2025Updated 4 months ago
- Locate dlls and function addresses without PEB Walk and EAT parsing☆104Nov 7, 2025Updated 3 months ago
- A Mythic agent for Windows written in C☆156Updated this week
- Generate Proxy DLLs in Rust☆47Sep 2, 2025Updated 5 months ago
- Linker for Beacon Object Files☆155Updated this week
- Detect BypassUAC using AMSI☆29Feb 18, 2025Updated last year
- Driver Reverse & Exploitation☆82Sep 4, 2025Updated 5 months ago
- ☆36Nov 8, 2024Updated last year
- Heap encryption in Nim☆20Aug 25, 2024Updated last year
- ☆139Jan 16, 2025Updated last year
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆73Apr 13, 2025Updated 10 months ago
- a demo module for the kaine agent to execute and inject assembly modules☆41Aug 28, 2024Updated last year
- Boilerplate to develop raw and truly Position Independent Code (PIC).☆117Jan 20, 2025Updated last year
- Run native PE or .NET executables entirely in-memory. Build the loader as an .exe or .dll—DllMain is Cobalt Strike UDRL-compatible☆270Jun 18, 2025Updated 8 months ago
- Leaking kernel addresses from ETW consumers. Requires Administrator privileges.☆91Nov 6, 2025Updated 3 months ago
- Windows User-Mode Shellcode Development Framework (WUMSDF)☆125Nov 17, 2025Updated 3 months ago
- Zero dependency browser extension for handling import of cookies, Microsoft 365 OAuth tokens, and Graph API interactions.☆23Dec 31, 2025Updated last month
- ☆21Jan 8, 2026Updated last month
- Hells Hollow Windows 11 Rootkit technique to Hook the SSDT via Alt Syscalls☆217Aug 31, 2025Updated 5 months ago
- Threadless Module Stomping In Rust with some features (In memory of those murdered in the Nova party massacre)☆258Jun 29, 2024Updated last year
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆195Feb 6, 2025Updated last year
- proper ntdll .text section unhooking via native api. unlike other unhookers this doesnt leave 2 ntdlls loaded. x86/x64/wow64 supported.☆52Dec 9, 2025Updated 2 months ago
- ☆55Nov 18, 2025Updated 3 months ago
- Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a…☆93Jul 7, 2025Updated 7 months ago
- COM-based DLL Surrogate Injection☆142Dec 9, 2025Updated 2 months ago
- A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…☆340Oct 7, 2024Updated last year
- A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …☆334Mar 6, 2025Updated 11 months ago
- ☆61Oct 24, 2025Updated 4 months ago
- A different approach to writing BOFs in rust.☆19Aug 20, 2025Updated 6 months ago
- Blog/Journal on how to backdoor VSCode extensions☆76Updated this week
- Weaponizing DCOM for NTLM Authentication Coercions☆197Nov 4, 2025Updated 3 months ago
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆136Apr 18, 2025Updated 10 months ago
- A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike☆185Oct 29, 2025Updated 3 months ago
- A slightly more fun way to disable windows defender☆52May 4, 2025Updated 9 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …☆297Jul 31, 2024Updated last year
- Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking☆436Jun 27, 2025Updated 8 months ago
- Minimalistic HTTP(S) client for the NT kernel☆62Dec 1, 2025Updated 2 months ago
- kASLR bypass technique on Intel CPUs.☆32May 18, 2025Updated 9 months ago