AV/EDR evasion via direct and indirect system calls Windows NT 3.1 through Windows 11 24H2 · x64 · x86 · WoW64 · ARM64
☆479Mar 7, 2026Updated 2 months ago
Alternatives and similar repositories for SysWhispers4
Users that are interested in SysWhispers4 are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- arm64 linux position-independent shellcode framework☆31Dec 12, 2025Updated 5 months ago
- Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption☆221Dec 17, 2025Updated 5 months ago
- Generate DLL proxy/sideload projects. Automatically parses PE export tables and generates ready-to-compile project for red team engagemen…☆151Mar 8, 2026Updated 2 months ago
- A Crystal Palace shared library to resolve & perform syscalls☆61Oct 29, 2025Updated 6 months ago
- Demonstrates consuming from a SecurityTrace ETW session by consuming from the Threat-Intelligence ETW provider without a driver or PPL pr…☆77Jan 19, 2026Updated 4 months ago
- End-to-end encrypted cloud storage - Proton Drive • AdSpecial offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
- AppLocker-Based EDR Neutralization☆337Dec 19, 2025Updated 5 months ago
- A simple POC to show how to chain multiple callbacks via tail calls to artificially construct a call stack☆100Dec 22, 2025Updated 4 months ago
- Cobalt Strike BOF☆56Dec 10, 2025Updated 5 months ago
- Fast Windows post-exploitation wins after initial access.☆29Jan 28, 2026Updated 3 months ago
- Cobaltstrike UDRL with memory evasion☆15May 16, 2024Updated 2 years ago
- BOF to run PE in Cobalt Strike Beacon without console creation☆199Nov 23, 2025Updated 5 months ago
- Crystal Palace library for proxying Nt API calls via the Threadpool. Updated for call gadgets.☆20Nov 11, 2025Updated 6 months ago
- A Beacon Object File suite for Microsoft SQL Server that speaks TDS 7.4 on the wire itself☆95Apr 9, 2026Updated last month
- Audiodg.exe DLL hijacking for LPE with reboot-free restart primitive. Executes code as LOCAL SERVICE, escalates to SYSTEM via Scheduled T…☆92Jan 24, 2026Updated 3 months ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- ☆21Feb 6, 2024Updated 2 years ago
- An example of how to use Microsoft Windows Warbird technology☆95Apr 23, 2023Updated 3 years ago
- Automated Pass-the-Ticket (PtT) attack. Standalone alternative to Rubeus and Mimikatz for this attack. Implemented in C#, C++, Crystal, P…☆133Feb 17, 2026Updated 3 months ago
- indirect syscalls for AV/EDR evasion in Go assembly☆379Jun 13, 2023Updated 2 years ago
- This repo contains useful scripts that AI created for me which I would have been too lazy for☆95Mar 17, 2026Updated 2 months ago
- DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will auto…☆14Apr 2, 2026Updated last month
- Beacon Object File (BOF) port of DumpGuard for extracting NTLMv1 hashes from sessions on modern Windows systems.☆215Jan 6, 2026Updated 4 months ago
- The code I write in my blog☆94May 1, 2026Updated 2 weeks ago
- Active Directory information dumper via ADWS for evasion purposes.☆233Feb 23, 2026Updated 2 months ago
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆154Apr 18, 2025Updated last year
- Implementing Ghostly-Hollowing using tampered syscalls for remote PE injection☆75Dec 26, 2025Updated 4 months ago
- Local Privilege Escalation Affecting Millions of Gaming Laptops☆63Jan 19, 2026Updated 4 months ago
- Scanning tool for identifying local privilege escalation issues in vulnerable MSI installers☆126Sep 12, 2024Updated last year
- Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass☆129Jan 29, 2026Updated 3 months ago
- SysWhispers on Steroids - AV/EDR evasion via direct system calls.☆1,638Jul 31, 2024Updated last year
- Convert your shellcode into an ASCII string☆129Jun 27, 2025Updated 10 months ago
- Cobalt Strike BOF for evasive .NET assembly execution☆319Mar 31, 2025Updated last year
- Cobalt Strike Get clipboard plugin☆15Aug 11, 2023Updated 2 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Generate an obfuscated DLL that will disable AMSI & ETW☆333Jul 15, 2024Updated last year
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆192Jan 17, 2026Updated 4 months ago
- A guide to modern exploit development, shellcode, EDR and WAF bypass, and initial Red Team access.☆29Mar 6, 2026Updated 2 months ago
- NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with Patchless AMSI and ETW bypass features. with Dual-bui…☆238Feb 12, 2025Updated last year
- BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)☆197Feb 6, 2025Updated last year
- Internal Monologue BOF☆79Dec 28, 2024Updated last year
- A tool used the Sleep Obfuscation and Memory encrypt technique to evade the anti-virus.A Proof of Concept,only used for study purpose.☆40Aug 29, 2024Updated last year