Maldev-Academy/TrapFlagForSyscalling external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

Maldev-Academy/TrapFlagForSyscalling

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Maldev-Academy/TrapFlagForSyscalling)

Close

Maldev-Academy / TrapFlagForSyscallingView on GitHubMore

• External links
• Readme badge

Bypass user-land hooks by syscall tampering via the Trap Flag

☆138Aug 25, 2025Updated 6 months ago

Alternatives and similar repositories for TrapFlagForSyscalling

Users that are interested in TrapFlagForSyscalling are comparing it to the libraries listed below

• Maldev-Academy / HookingLsassForCredentials

  View on GitHub
  Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
  ☆54May 12, 2025Updated 9 months ago
• silentwarble / hbin_template

  View on GitHub
  Post-Ex BOF tooling for Hannibal
  ☆24Nov 20, 2024Updated last year
• outflanknl / seccomp-notify-injection

  View on GitHub
  Linux Process Injection via Seccomp Notifier
  ☆84Dec 9, 2025Updated 2 months ago
• Cracked5pider / earlycascade-injection

  View on GitHub
  early cascade injection PoC based on Outflanks blog post
  ☆237Nov 7, 2024Updated last year
• Teach2Breach / dll2shell

  View on GitHub
  converts sRDI compatible dlls to shellcode
  ☆35Jan 20, 2025Updated last year
• JayGLXR / Rusty-Stardust

  View on GitHub
  A modern Rust implementation of the original Stardust project, providing a sophisticated 32/64-bit shellcode template that features posit…
  ☆59Mar 17, 2025Updated 11 months ago
• mannyfred / MentalTi

  View on GitHub
  Mentally ill EtwTi parser
  ☆68Jan 11, 2026Updated last month
• Sh3lldon / HellsVectoredGate

  View on GitHub
  ☆54Oct 13, 2025Updated 4 months ago
• Tw1sm / list-wam-accounts

  View on GitHub
  List web account manager (WAM) accounts added to the current profile
  ☆22Dec 11, 2025Updated 2 months ago
• kr0tt / EarlyExceptionHandling

  View on GitHub
  Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH
  ☆137Aug 31, 2025Updated 6 months ago
• Teach2Breach / early_cascade_inj_rs

  View on GitHub
  early cascade injection PoC based on Outflanks blog post, in rust
  ☆62Nov 8, 2024Updated last year
• dmcxblue / WSL-Payloads

  View on GitHub
  A small How-To on creating your own weaponized WSL file
  ☆121Jul 23, 2025Updated 7 months ago
• caueb / ThreadlessStompingKann

  View on GitHub
  Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.
  ☆79Dec 23, 2023Updated 2 years ago
• wwh1004 / AmsiBypassUacDetector

  View on GitHub
  Detect BypassUAC using AMSI
  ☆29Feb 18, 2025Updated last year
• TwoSevenOneT / CreateProcessAsPPL

  View on GitHub
  This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.
  ☆295Nov 1, 2025Updated 4 months ago
• klezVirus / RAIWhateverTrigger

  View on GitHub
  Local SYSTEM auth trigger for relaying - X
  ☆155Jul 23, 2025Updated 7 months ago
• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆186Jan 17, 2026Updated last month
• Friends-Security / RedirectThread

  View on GitHub
  Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…
  ☆199Jun 17, 2025Updated 8 months ago
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆108Aug 21, 2024Updated last year
• zyn3rgy / smbtakeover

  View on GitHub
  BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions
  ☆346Nov 19, 2024Updated last year
• WKL-Sec / LayeredSyscall

  View on GitHub
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆298Jul 31, 2024Updated last year
• kleiton0x00 / RtlHijack

  View on GitHub
  Alternative Read and Write primitives using Rtl* functions the unintended way.
  ☆79Aug 25, 2025Updated 6 months ago
• Maldev-Academy / AlphabeticalPolyShellGen

  View on GitHub
  Generate an Alphabetical Polymorphic Shellcode
  ☆138Aug 19, 2025Updated 6 months ago
• Teach2Breach / moonwalk

  View on GitHub
  find dll base addresses without PEB WALK
  ☆160Jul 13, 2025Updated 7 months ago
• eladshamir / BadWindowsService

  View on GitHub
  An insecurely implemented and installed Windows service for emulating elevation of privileges vulnerabilities
  ☆63Aug 25, 2022Updated 3 years ago
• NtDallas / Draugr

  View on GitHub
  BOF with Synthetic Stackframe
  ☆230Oct 30, 2025Updated 4 months ago
• Hagrid29 / BOF-DCOMPotato-PrintNotify

  View on GitHub
  Cobalt Strike Beacon Object File (BOF) that obtain SYSTEM privilege with SeImpersonate privilege by passing a malicious IUnknwon object t…
  ☆97Mar 20, 2023Updated 2 years ago
• ameenalkerdy / ETWShellcodeLoader

  View on GitHub
  Shellcode Loader Utilizing ETW Events
  ☆67Feb 26, 2025Updated last year
• akamai / Mirage

  View on GitHub
  Mirage is a PoC memory evasion technique that relies on a vulnerable VBS enclave to hide shellcode within VTL1.
  ☆104Feb 25, 2025Updated last year
• silentwarble / PIC-Library

  View on GitHub
  A collection of position independent coding resources
  ☆107Nov 15, 2025Updated 3 months ago
• decoder-it / KrbRelayEx-RPC

  View on GitHub
  ☆198Mar 28, 2025Updated 11 months ago
• silentwarble / Hannibal

  View on GitHub
  Mythic C2 Agent written in x64 PIC C
  ☆85Jan 29, 2025Updated last year
• Maldev-Academy / MaldevAcademyLdr.2

  View on GitHub
  RunPE implementation with multiple evasive techniques (2)
  ☆273Sep 25, 2025Updated 5 months ago
• Kryp7os / SharpRBCD

  View on GitHub
  An executable that simplifies adding the msds-AllowedToActOnBehalfOfOtherIdentity attribute for RBCD
  ☆49Mar 10, 2025Updated 11 months ago
• kozmer / sigdream

  View on GitHub
  sigreturn-oriented programming (SROP) based sleep obfuscation poc for Linux
  ☆66Dec 15, 2025Updated 2 months ago
• CCob / SQL-BOF

  View on GitHub
  Library of BOFs to interact with SQL servers
  ☆16Dec 6, 2024Updated last year
• tijme / dittobytes

  View on GitHub
  Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.
  ☆606Feb 2, 2026Updated last month
• Red-Team-SNCF / ceos

  View on GitHub
  ☆30May 23, 2024Updated last year
• grayhatkiller / SharpExShell

  View on GitHub
  SharpExShell automates the DCOM lateral movment technique which abuses ActivateMicrosoftApp method of Excel application.
  ☆75May 1, 2024Updated last year