My implementation of Halo's Gate technique in C#
☆54Apr 20, 2022Updated 3 years ago
Alternatives and similar repositories for SharpHalos
Users that are interested in SharpHalos are comparing it to the libraries listed below
Sorting:
- Halos Gate-based NTAPI Unhooker☆52Apr 21, 2022Updated 3 years ago
- One gate to all syscalls!☆23Mar 12, 2022Updated 4 years ago
- Extracting Syscall Stub, Modernized☆65Apr 2, 2022Updated 3 years ago
- An attempt to make a LoadLibrary designed for offensive operations, in C# obviously.☆55Mar 3, 2022Updated 4 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆36Apr 5, 2022Updated 3 years ago
- A repository filled with ideas to break/detect direct syscall techniques☆26Apr 21, 2022Updated 3 years ago
- C# Based Universal API Unhooker☆409Feb 18, 2022Updated 4 years ago
- yet another sleep encryption thing. also used the default github repo name for this one.☆69May 11, 2023Updated 2 years ago
- ☆10Jan 17, 2022Updated 4 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆91Nov 24, 2022Updated 3 years ago
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms☆136Dec 20, 2022Updated 3 years ago
- ☆72Aug 2, 2022Updated 3 years ago
- A tool for converting SysWhispers3 syscalls for use with Nim projects☆148Jun 2, 2022Updated 3 years ago
- ☆121Dec 23, 2022Updated 3 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆203Jun 6, 2024Updated last year
- Rewrote HellsGate in C# for fun and learning☆86Feb 10, 2022Updated 4 years ago
- Proof of Concept code and samples presenting emerging threat of MSI installer files.☆90Dec 15, 2022Updated 3 years ago
- ☆125Jun 28, 2023Updated 2 years ago
- Dynamically invoke arbitrary unmanaged code from managed code without P/Invoke.☆171Jan 25, 2024Updated 2 years ago
- C# Reflective loader for unmanaged binaries.☆446Jan 25, 2023Updated 3 years ago
- The code is a pingback to the Dark Vortex blog:☆186Jan 26, 2023Updated 3 years ago
- Implant drop-in for EDR testing☆147Nov 15, 2023Updated 2 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆97Sep 26, 2019Updated 6 years ago
- ☆160Apr 17, 2024Updated last year
- C# Port of LdapRelayScan☆91Nov 26, 2025Updated 3 months ago
- Reimplementation of the KExecDD DSE bypass technique.☆59Sep 7, 2024Updated last year
- TokenCert☆102Nov 15, 2024Updated last year
- HookDetection☆45Sep 3, 2021Updated 4 years ago
- Get fresh Syscalls from a fresh ntdll.dll copy☆234Jan 28, 2022Updated 4 years ago
- Nice try reading NTDLL from disk, nerd.☆19Apr 18, 2022Updated 3 years ago
- Example of using Sleep to create better named pipes.☆41Jul 25, 2023Updated 2 years ago
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)☆203Aug 2, 2023Updated 2 years ago
- A faithful transposition of the key features/functionality of @itm4n's PPLDump project as a BOF.☆143Sep 24, 2021Updated 4 years ago
- An other No-Fix LPE, NTLMRelay2Self over HTTP (Webdav).☆418Jan 27, 2024Updated 2 years ago
- Patch AMSI and ETW in remote process via direct syscall☆85Apr 28, 2022Updated 3 years ago
- Nim version of MDSec's Parallel Syscall PoC☆124Jan 14, 2022Updated 4 years ago
- Library of BOFs to interact with SQL servers☆16Dec 6, 2024Updated last year
- Impersonate Tokens using only NTAPI functions☆84Apr 4, 2025Updated 11 months ago
- A BOF for enumerating version information for DLLs associated for a Beacon process.☆16Nov 23, 2021Updated 4 years ago