NUL0x4C / Syscallslib
a library that automates some clean syscalls to make it easier to implement
☆82 · Updated 2 years ago
Related projects
Alternatives and complementary repositories for Syscallslib
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process ☆86 · Updated 2 years ago
- Beacon Object File allowing creation of Beacons in different sessions. ☆76 · Updated 2 years ago
- A PoC on blocking Procmon from monitoring network events ☆97 · Updated 2 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space ☆120 · Updated last year
- Patch AMSI and ETW in remote process via direct syscall ☆77 · Updated 2 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for Windows. ☆127 · Updated 2 years ago
- Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality. ☆134 · Updated 2 years ago
- Basic implementation of Cobalt Strike's User Defined Reflective Loader feature ☆94 · Updated last year
- This is my own implementation of the Perun's Fart technique by Sektor7 ☆66 · Updated 2 years ago
- LdrLoadDll Unhooking ☆120 · Updated 2 years ago
- ZwProcessHollowing is an x64 process hollowing project which uses direct system calls, DLL unhooking and RC4 payload decryption ☆77 · Updated last year
- I have documented all of the AMSI patches that I learned till now ☆68 · Updated last year
- Sleep Obfuscation ☆41 · Updated 2 years ago
- It's pointy and it hurts! ☆122 · Updated 2 years ago
- Execute a payload at each right click on a file/folder in the explorer menu for persistence ☆165 · Updated last year
- A simple BOF that frees UDRLs ☆108 · Updated 2 years ago
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge … ☆159 · Updated last year
- Get your data from the resource section manually, with no need for Windows APIs ☆53 · Updated 2 weeks ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol… ☆67 · Updated 8 months ago
- TypeLib persistence technique ☆68 · Updated 2 weeks ago