Flawww / NtSyscaller
Manually perform syscalls without going through any external API or DLL.
☆17Updated last year
Related projects ⓘ
Alternatives and complementary repositories for NtSyscaller
- Small tool to play with IOCs caused by Imageload events☆38Updated last year
- ☆27Updated 4 months ago
- ☆15Updated 3 years ago
- ☆27Updated 2 years ago
- API Hammering with C++20☆34Updated 2 years ago
- Process Injection: APC Injection☆27Updated 3 years ago
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich☆14Updated 4 months ago
- Research of modifying exported function names at runtime (C/C++, Windows)☆16Updated 5 months ago
- Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits☆28Updated 2 years ago
- Six cases demonstrating methods of optimizing GetProcAddress☆17Updated 2 years ago
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆24Updated last year
- ☆26Updated last month
- Next gen process injection technique☆42Updated 4 years ago
- Set the process mitigation policy for loading only Microsoft Modules , and block any userland 3rd party modules☆42Updated last year
- Clone running process with ZwCreateProcess☆58Updated 4 years ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆31Updated 3 years ago
- ☆20Updated 3 years ago
- ☆17Updated 3 years ago
- An example of COM hijacking using a proxy DLL.☆25Updated 3 years ago
- Repository of Microsoft Driver Block Lists based off of OS-builds☆39Updated 7 months ago
- Research into removing strings & API call references at compile-time (Anti-Analysis)☆24Updated 5 months ago
- ☆21Updated 6 months ago
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆49Updated last year
- Tiny driver patch to allow kernel callbacks to work on Win10 21h1☆31Updated 2 years ago
- really ?☆12Updated 8 months ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69Updated last year
- kernel to user mode APC injector☆43Updated 2 years ago
- Code injection via ZwCreateSection, ZwUnmapViewOfSection. C++ example☆16Updated 2 years ago
- Reimplementation of the KExecDD DSE bypass technique.☆42Updated 2 months ago