One gate to all syscalls!
☆23Mar 12, 2022Updated 3 years ago
Alternatives and similar repositories for SysGate
Users that are interested in SysGate are comparing it to the libraries listed below
Sorting:
- A repository filled with ideas to break/detect direct syscall techniques☆26Apr 21, 2022Updated 3 years ago
- My implementation of Halo's Gate technique in C#☆54Apr 20, 2022Updated 3 years ago
- Halos Gate-based NTAPI Unhooker☆52Apr 21, 2022Updated 3 years ago
- Extracting Syscall Stub, Modernized☆65Apr 2, 2022Updated 3 years ago
- Just another casual shellcode native loader☆25Feb 3, 2022Updated 4 years ago
- Beacon Object Files (not Buffer Overflows)☆58Mar 6, 2023Updated 2 years ago
- Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.☆18Jan 21, 2022Updated 4 years ago
- ☆121Dec 23, 2022Updated 3 years ago
- Implementation of ITaskHandler in C++☆14Feb 11, 2023Updated 3 years ago
- Reverse TCP Powershell has never been this paranoid. (basically an Opsec-safe reverse powershell)☆30Feb 4, 2022Updated 4 years ago
- Overwrite a process's recovery callback and execute with WER☆102Apr 17, 2022Updated 3 years ago
- Bypass UAC elevation on Windows 8 (build 9600) & above.☆58Feb 2, 2026Updated last month
- Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level☆235Oct 18, 2022Updated 3 years ago
- A PoC project for embedding shellcode to Hint/Name Table☆113May 16, 2022Updated 3 years ago
- List accounts with Service Principal Names (SPN) not linked to active dns records in an Active Directory Domain.☆38Dec 5, 2025Updated 2 months ago
- Your NTDLL vaccine from modern direct syscall methods.☆36Apr 5, 2022Updated 3 years ago
- C# Based Universal API Unhooker☆411Feb 18, 2022Updated 4 years ago
- UUID based Shellcode loader for your favorite C2☆86Dec 8, 2021Updated 4 years ago
- Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code☆24Mar 13, 2023Updated 2 years ago
- BOF combination of KillDefender and Backstab☆167Mar 23, 2023Updated 2 years ago
- Running .NET from VBA☆148Feb 11, 2023Updated 3 years ago
- C# implementation of the token privilege removal flaw discovered by @GabrielLandau/Elastic☆144Feb 23, 2022Updated 4 years ago
- ☆48May 12, 2021Updated 4 years ago
- ☆57Apr 19, 2023Updated 2 years ago
- Uses WMI Event Win32_ModuleLoadTrace to monitor module loading. Provides filters, and detailed data. Has an option to monitor for CLR Inj…☆42May 9, 2019Updated 6 years ago
- SLib is a sandbox evasion library that implements some of the checks from https://evasions.checkpoint.com in C#☆66Aug 29, 2023Updated 2 years ago
- Hide memory artifacts using ROP and hardware breakpoints.☆146Oct 20, 2023Updated 2 years ago
- Implant drop-in for EDR testing☆147Nov 15, 2023Updated 2 years ago
- (Hellsgate|Halosgate|Tartarosgate)+Spoofing-Gate. Ensures that all systemcalls go through ntdll.dll☆45Mar 9, 2022Updated 3 years ago
- Beacon Object File implementation of Event Viewer deserialization UAC bypass☆133May 6, 2022Updated 3 years ago
- A small PoC using DInvoke, dynamically mapping a DLL and executing Win32 APIs for process injection.☆10Dec 16, 2021Updated 4 years ago
- References, tools and sample payloads☆11Sep 16, 2016Updated 9 years ago
- PoC: process watcher patterns to make killing a process hard.☆11Aug 1, 2018Updated 7 years ago
- ☆15Mar 17, 2025Updated 11 months ago
- SyscallLoader☆11Sep 13, 2021Updated 4 years ago
- Two C# RunPE's capable of x86 and x64 injections☆11Dec 2, 2018Updated 7 years ago
- A custom run space to bypass AMSI and Constrained Language mode in PowerShell.☆21May 17, 2023Updated 2 years ago
- Windows x64 Process Injection via Ghostwriting with Dynamic Configuration☆29Oct 29, 2021Updated 4 years ago
- Get fresh Syscalls from a fresh ntdll.dll copy☆235Jan 28, 2022Updated 4 years ago