GetRektBoy724/Breaking-Detecting-Direct-Syscall-Techniques external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

GetRektBoy724/Breaking-Detecting-Direct-Syscall-Techniques

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/GetRektBoy724/Breaking-Detecting-Direct-Syscall-Techniques)

Close

GetRektBoy724 / Breaking-Detecting-Direct-Syscall-TechniquesView on GitHubMore

• External links
• Readme badge

A repository filled with ideas to break/detect direct syscall techniques

☆26Apr 21, 2022Updated 3 years ago

Alternatives and similar repositories for Breaking-Detecting-Direct-Syscall-Techniques

Users that are interested in Breaking-Detecting-Direct-Syscall-Techniques are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• GetRektBoy724 / SysGate

  View on GitHub
  One gate to all syscalls!
  ☆23Mar 12, 2022Updated 4 years ago
• GetRektBoy724 / HalosUnhooker

  View on GitHub
  Halos Gate-based NTAPI Unhooker
  ☆52Apr 21, 2022Updated 3 years ago
• GetRektBoy724 / NiceTryDLL

  View on GitHub
  Nice try reading NTDLL from disk, nerd.
  ☆19Apr 18, 2022Updated 3 years ago
• GetRektBoy724 / SharpHalos

  View on GitHub
  My implementation of Halo's Gate technique in C#
  ☆54Apr 20, 2022Updated 3 years ago
• aniqfakhrul / certifried.py

  View on GitHub
  ☆16May 20, 2022Updated 3 years ago
• Bare Metal GPUs on DigitalOcean Gradient AI • Ad
  Purpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
• GetRektBoy724 / ReversePowernoid

  View on GitHub
  Reverse TCP Powershell has never been this paranoid. (basically an Opsec-safe reverse powershell)
  ☆30Feb 4, 2022Updated 4 years ago
• alal4465 / HeavensGateHook

  View on GitHub
  Hooking Heavens Gate in a weekend
  ☆13Jan 1, 2022Updated 4 years ago
• RedTeamOperations / Detecting-Adversarial-Tradecrafts-Tools-by-leveraging-ETW

  View on GitHub
  CyberWarFare Labs hands-on workshop on the topic "Detecting Adversarial Tradecrafts/Tools by leveraging ETW"
  ☆50Mar 2, 2022Updated 4 years ago
• passthehashbrowns / hook-integrity-checks

  View on GitHub
  ☆23May 28, 2021Updated 4 years ago
• latortuga71 / DisablePPLDriverPoc

  View on GitHub
  Disable PPL via custom driver and dump lsass
  ☆15Mar 13, 2021Updated 5 years ago
• zimnyaa / noWatch

  View on GitHub
  Implant drop-in for EDR testing
  ☆147Nov 15, 2023Updated 2 years ago
• Hagrid29 / RemotePatcher

  View on GitHub
  Patch AMSI and ETW in remote process via direct syscall
  ☆85Apr 28, 2022Updated 3 years ago
• janoglezcampos / c_syscalls

  View on GitHub
  Single stub direct and indirect syscalling with runtime SSN resolving for windows.
  ☆140Sep 12, 2022Updated 3 years ago
• GetRektBoy724 / TripleS

  View on GitHub
  Extracting Syscall Stub, Modernized
  ☆65Apr 2, 2022Updated 3 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• pwn1sher / RTImplant

  View on GitHub
  Just another casual shellcode native loader
  ☆25Feb 3, 2022Updated 4 years ago
• deepinstinct / AMSI-Unchained

  View on GitHub
  Unchain AMSI by patching the provider’s unmonitored memory space
  ☆91Nov 24, 2022Updated 3 years ago
• NVISOsecurity / Interceptor

  View on GitHub
  Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space
  ☆135Jan 2, 2023Updated 3 years ago
• paranoidninja / Process-Instrumentation-Syscall-Hook

  View on GitHub
  A simple program to hook the current process to identify the manual syscall executions on windows
  ☆266Nov 18, 2022Updated 3 years ago
• Mantraufo / KanonSys

  View on GitHub
  Bypass Windows defender syscall
  ☆18Jul 17, 2021Updated 4 years ago
• klezVirus / DCKFinder

  View on GitHub
  Dangling COM Keys Finder
  ☆17Nov 16, 2021Updated 4 years ago
• GetRektBoy724 / SyscallShuffler

  View on GitHub
  Your NTDLL vaccine from modern direct syscall methods.
  ☆36Apr 5, 2022Updated 3 years ago
• jsecu / ElevatedEvents

  View on GitHub
  ☆30Nov 7, 2022Updated 3 years ago
• pwn1sher / uuid-loader

  View on GitHub
  UUID based Shellcode loader for your favorite C2
  ☆86Dec 8, 2021Updated 4 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• timwhitez / Doge-Unhook

  View on GitHub
  DLL Unhooking
  ☆12Mar 26, 2021Updated 5 years ago
• antman1p / JXA_Proc_Tree

  View on GitHub
  A JXA script for enumerating running processes, printed out in a json, parent-child tree.
  ☆14Jan 28, 2022Updated 4 years ago
• GetRektBoy724 / SharpUnhooker

  View on GitHub
  C# Based Universal API Unhooker
  ☆409Feb 18, 2022Updated 4 years ago
• NUL0x4C / ManualRsrcDataFetching

  View on GitHub
  Get your data from the resource section manually, with no need for windows apis
  ☆67Oct 22, 2024Updated last year
• boku7 / halosgate-ps

  View on GitHub
  Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes
  ☆107Mar 8, 2023Updated 3 years ago
• plackyhacker / Unhook-BitDefender

  View on GitHub
  Unhooks Bit Defender from NTDLL and KERNELBASE using a classic technique.
  ☆57Jun 23, 2023Updated 2 years ago
• passthehashbrowns / suspendedunhook

  View on GitHub
  ☆42Apr 22, 2021Updated 4 years ago
• Kara-4search / HellgateLoader_CSharp

  View on GitHub
  Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.
  ☆18Jan 21, 2022Updated 4 years ago
• soufianetahiri / CitrixSecureAccessAuthCookieDump

  View on GitHub
  Dump Citrix Secure Access auth cookie from the process memory
  ☆76Jun 24, 2022Updated 3 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• thefLink / C-To-Shellcode-Examples

  View on GitHub
  ☆209Mar 22, 2021Updated 5 years ago
• bharadwajyas / ppdump-public

  View on GitHub
  Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDu…
  ☆25Mar 26, 2020Updated 6 years ago
• zimawhit3 / DynimicGhostWriting

  View on GitHub
  Windows x64 Process Injection via Ghostwriting with Dynamic Configuration
  ☆29Oct 29, 2021Updated 4 years ago
• jackullrich / Windows-API-Fuzzer

  View on GitHub
  Designed to learn OS specific anti-emulation patterns by fuzzing the Windows API.
  ☆99Jul 7, 2020Updated 5 years ago
• roberreigada / LsassUnhooker

  View on GitHub
  Little program written in C# to bypass EDR hooks and dump the content of the lsass process
  ☆61Jun 24, 2021Updated 4 years ago
• Deputation / instrumentation_callbacks

  View on GitHub
  A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.
  ☆158Nov 14, 2021Updated 4 years ago
• plackyhacker / SandboxDefender

  View on GitHub
  C# code to Sandbox Defender (and most probably other AV/EDRs).
  ☆167Apr 22, 2022Updated 3 years ago