A repository filled with ideas to break/detect direct syscall techniques
☆26Apr 21, 2022Updated 3 years ago
Alternatives and similar repositories for Breaking-Detecting-Direct-Syscall-Techniques
Users that are interested in Breaking-Detecting-Direct-Syscall-Techniques are comparing it to the libraries listed below
Sorting:
- One gate to all syscalls!☆23Mar 12, 2022Updated 3 years ago
- Halos Gate-based NTAPI Unhooker☆52Apr 21, 2022Updated 3 years ago
- Hooking Heavens Gate in a weekend☆13Jan 1, 2022Updated 4 years ago
- Nice try reading NTDLL from disk, nerd.☆19Apr 18, 2022Updated 3 years ago
- My implementation of Halo's Gate technique in C#☆54Apr 20, 2022Updated 3 years ago
- CyberWarFare Labs hands-on workshop on the topic "Detecting Adversarial Tradecrafts/Tools by leveraging ETW"☆50Mar 2, 2022Updated 4 years ago
- ☆23May 28, 2021Updated 4 years ago
- A JXA script for enumerating running processes, printed out in a json, parent-child tree.☆14Jan 28, 2022Updated 4 years ago
- Implant drop-in for EDR testing☆147Nov 15, 2023Updated 2 years ago
- Disable PPL via custom driver and dump lsass☆15Mar 13, 2021Updated 4 years ago
- ☆16May 20, 2022Updated 3 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆140Sep 12, 2022Updated 3 years ago
- Reverse TCP Powershell has never been this paranoid. (basically an Opsec-safe reverse powershell)☆30Feb 4, 2022Updated 4 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆136Jan 2, 2023Updated 3 years ago
- Dangling COM Keys Finder☆17Nov 16, 2021Updated 4 years ago
- Bypass Windows defender syscall☆18Jul 17, 2021Updated 4 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆91Nov 24, 2022Updated 3 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆36Apr 5, 2022Updated 3 years ago
- Patch AMSI and ETW in remote process via direct syscall☆85Apr 28, 2022Updated 3 years ago
- Get your data from the resource section manually, with no need for windows apis☆67Oct 22, 2024Updated last year
- Cobalt Strike BOF that uses a custom ASM HalosGate & HellsGate syscaller to return a list of processes☆107Mar 8, 2023Updated 2 years ago
- Just another casual shellcode native loader☆25Feb 3, 2022Updated 4 years ago
- ☆42Apr 22, 2021Updated 4 years ago
- Designed to learn OS specific anti-emulation patterns by fuzzing the Windows API.☆99Jul 7, 2020Updated 5 years ago
- Piece of code to detect and remove hooks in IAT☆65May 30, 2022Updated 3 years ago
- C# Based Universal API Unhooker☆411Feb 18, 2022Updated 4 years ago
- Extracting Syscall Stub, Modernized☆65Apr 2, 2022Updated 3 years ago
- C# code to Sandbox Defender (and most probably other AV/EDRs).☆167Apr 22, 2022Updated 3 years ago
- A simple program to hook the current process to identify the manual syscall executions on windows☆265Nov 18, 2022Updated 3 years ago
- ☆135Jun 28, 2023Updated 2 years ago
- Dump Citrix Secure Access auth cookie from the process memory☆76Jun 24, 2022Updated 3 years ago
- Unhooks Bit Defender from NTDLL and KERNELBASE using a classic technique.☆58Jun 23, 2023Updated 2 years ago
- Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDu…☆25Mar 26, 2020Updated 5 years ago
- ☆10Jan 17, 2022Updated 4 years ago
- References, tools and sample payloads☆11Sep 16, 2016Updated 9 years ago
- A C# implementation that disables Windows Firewall bypassing UAC☆17Oct 23, 2024Updated last year
- Shellcode异或加密工具☆12Mar 23, 2017Updated 8 years ago
- Tartocitron is a repo to have fun with malwares and the Rust language. This repo provides working examples of dropper written in Rust.☆11May 31, 2022Updated 3 years ago
- Poc of using youtube comments for C2 communications☆10Jul 6, 2021Updated 4 years ago