My implementation of Halo's Gate technique in C#
☆54Apr 20, 2022Updated 3 years ago
Alternatives and similar repositories for SharpHalos
Users that are interested in SharpHalos are comparing it to the libraries listed below
Sorting:
- Halos Gate-based NTAPI Unhooker☆52Apr 21, 2022Updated 3 years ago
- One gate to all syscalls!☆23Mar 12, 2022Updated 3 years ago
- Extracting Syscall Stub, Modernized☆65Apr 2, 2022Updated 3 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆36Apr 5, 2022Updated 3 years ago
- A repository filled with ideas to break/detect direct syscall techniques☆26Apr 21, 2022Updated 3 years ago
- An attempt to make a LoadLibrary designed for offensive operations, in C# obviously.☆55Mar 3, 2022Updated 3 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- C# Based Universal API Unhooker☆411Feb 18, 2022Updated 4 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆91Nov 24, 2022Updated 3 years ago
- ☆72Aug 2, 2022Updated 3 years ago
- ☆10Jan 17, 2022Updated 4 years ago
- A tool for converting SysWhispers3 syscalls for use with Nim projects☆147Jun 2, 2022Updated 3 years ago
- ☆121Dec 23, 2022Updated 3 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original�…☆97Sep 26, 2019Updated 6 years ago
- C# Port of LdapRelayScan☆91Nov 26, 2025Updated 3 months ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆203Jun 6, 2024Updated last year
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms☆136Dec 20, 2022Updated 3 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files.☆90Dec 15, 2022Updated 3 years ago
- A BOF for enumerating version information for DLLs associated for a Beacon process.☆16Nov 23, 2021Updated 4 years ago
- Dynamically invoke arbitrary unmanaged code from managed code without P/Invoke.☆169Jan 25, 2024Updated 2 years ago
- C# Reflective loader for unmanaged binaries.☆446Jan 25, 2023Updated 3 years ago
- Reimplementation of the KExecDD DSE bypass technique.☆58Sep 7, 2024Updated last year
- ☆126Jun 28, 2023Updated 2 years ago
- Implant drop-in for EDR testing☆147Nov 15, 2023Updated 2 years ago
- Nice try reading NTDLL from disk, nerd.☆19Apr 18, 2022Updated 3 years ago
- Hooking Heavens Gate in a weekend☆13Jan 1, 2022Updated 4 years ago
- Get fresh Syscalls from a fresh ntdll.dll copy☆235Jan 28, 2022Updated 4 years ago
- A small NtCreateUserProcess PoC that spawns a Command prompt.☆102Aug 25, 2022Updated 3 years ago
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)☆202Aug 2, 2023Updated 2 years ago
- Nim version of MDSec's Parallel Syscall PoC☆123Jan 14, 2022Updated 4 years ago
- SLib is a sandbox evasion library that implements some of the checks from https://evasions.checkpoint.com in C#☆66Aug 29, 2023Updated 2 years ago
- An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).☆418Jan 27, 2024Updated 2 years ago
- Library of BOFs to interact with SQL servers☆16Dec 6, 2024Updated last year
- A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.☆143Sep 24, 2021Updated 4 years ago
- Convert Empire profiles to Apache mod_rewrite scripts☆29Sep 17, 2019Updated 6 years ago
- Example of using Sleep to create better named pipes.☆41Jul 25, 2023Updated 2 years ago
- Rewrote HellsGate in C# for fun and learning☆86Feb 10, 2022Updated 4 years ago
- C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic☆144Feb 23, 2022Updated 4 years ago
- The code is a pingback to the Dark Vortex blog:☆186Jan 26, 2023Updated 3 years ago