My implementation of Halo's Gate technique in C#
☆55Apr 20, 2022Updated 4 years ago
Alternatives and similar repositories for SharpHalos
Users that are interested in SharpHalos are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Halos Gate-based NTAPI Unhooker☆52Apr 21, 2022Updated 4 years ago
- One gate to all syscalls!☆23Mar 12, 2022Updated 4 years ago
- Extracting Syscall Stub, Modernized☆65Apr 2, 2022Updated 4 years ago
- An attempt to make a LoadLibrary designed for offensive operations, in C# obviously.☆55Mar 3, 2022Updated 4 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆36Apr 5, 2022Updated 4 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- A repository filled with ideas to break/detect direct syscall techniques☆26Apr 21, 2022Updated 4 years ago
- C# Based Universal API Unhooker☆408Feb 18, 2022Updated 4 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 3 years ago
- ☆10Jan 17, 2022Updated 4 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆91Nov 24, 2022Updated 3 years ago
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms☆138Dec 20, 2022Updated 3 years ago
- ☆71Aug 2, 2022Updated 3 years ago
- A tool for converting SysWhispers3 syscalls for use with Nim projects☆148Jun 2, 2022Updated 4 years ago
- ☆121Dec 23, 2022Updated 3 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆205Jun 6, 2024Updated 2 years ago
- Rewrote HellsGate in C# for fun and learning☆85Feb 10, 2022Updated 4 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files.☆91Dec 15, 2022Updated 3 years ago
- ☆131Jun 28, 2023Updated 2 years ago
- Dynamically invoke arbitrary unmanaged code from managed code without P/Invoke.☆171Jan 25, 2024Updated 2 years ago
- C# Reflective loader for unmanaged binaries.☆446Jan 25, 2023Updated 3 years ago
- The code is a pingback to the Dark Vortex blog:☆189Jan 26, 2023Updated 3 years ago
- Implant drop-in for EDR testing☆147Nov 15, 2023Updated 2 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆96Sep 26, 2019Updated 6 years ago
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- C# Port of LdapRelayScan☆94Nov 26, 2025Updated 6 months ago
- ☆165Apr 17, 2024Updated 2 years ago
- Reimplementation of the KExecDD DSE bypass technique.☆61Sep 7, 2024Updated last year
- TokenCert☆104Nov 15, 2024Updated last year
- HookDetection☆45Sep 3, 2021Updated 4 years ago
- Get fresh Syscalls from a fresh ntdll.dll copy☆232Jan 28, 2022Updated 4 years ago
- Nice try reading NTDLL from disk, nerd.☆19Apr 18, 2022Updated 4 years ago
- Example of using Sleep to create better named pipes.☆41Jul 25, 2023Updated 2 years ago
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)☆204Aug 2, 2023Updated 2 years ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.☆142Sep 24, 2021Updated 4 years ago
- An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).☆419Jan 27, 2024Updated 2 years ago
- Patch AMSI and ETW in remote process via direct syscall☆85Apr 28, 2022Updated 4 years ago
- Nim version of MDSec's Parallel Syscall PoC☆125Apr 4, 2026Updated 2 months ago
- Library of BOFs to interact with SQL servers☆16Dec 6, 2024Updated last year
- Impersonate Tokens using only NTAPI functions☆85Apr 4, 2025Updated last year
- A BOF for enumerating version information for DLLs associated for a Beacon process.☆16Nov 23, 2021Updated 4 years ago