SysCalling is an educational project demonstrating state-of-the-art syscall execution techniques for bypassing user-space EDR controls in a Windows x64 environment.
☆14 · Dec 8, 2024 · Updated last year
Alternatives and similar repositories for SysCalling
Users that are interested in SysCalling are comparing it to the libraries listed below
- ☆36 · Aug 21, 2024 · Updated last year
- Kernel R&D | SysWhispers & HellsGate Successor, fully modular Indirect & Direct Syscall Framework - EDR/AV/AC Capability Platform ☆37 · Updated this week
- Batch-generates PE files with modified icons, digital signatures, and detailed descriptions ☆19 · Aug 20, 2024 · Updated last year
- Custom plugin for Godzilla that receives a Base64-encoded malicious class and its class name and instantiates it, in order to inject any type of in-memory webshell. ☆44 · Dec 30, 2025 · Updated 2 months ago
- Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload … ☆48 · Nov 2, 2025 · Updated 3 months ago
- BOF to run PE in Cobalt Strike Beacon without console creation ☆186 · Nov 23, 2025 · Updated 3 months ago
- A method to execute syscalls while bypassing EDR's function hooking and call stack analysis. ☆24 · Apr 24, 2025 · Updated 10 months ago
- BOF template with boflink and mutator kit support ☆49 · Jan 8, 2026 · Updated last month
- ☆64 · Dec 19, 2024 · Updated last year
- Execute commands, in/exfiltrate files using your custom RPC Server ☆65 · Jan 13, 2026 · Updated last month
- ☆29 · May 10, 2024 · Updated last year
- This project is a more advanced version of https://github.com/WKL-Sec/HiddenDesktop ☆50 · Jan 11, 2026 · Updated last month
- CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate) ☆31 · Dec 31, 2021 · Updated 4 years ago
- Check if your AV/EDR does inline hooking, displays the hooked functions and allows you to compare them with the original ones. ☆36 · Apr 24, 2025 · Updated 10 months ago
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆298 · Jul 31, 2024 · Updated last year
- Implementing Ghostly-Hollowing using tampered syscalls for remote PE injection ☆70 · Dec 26, 2025 · Updated 2 months ago
- A tool that makes it easy to set up your own CodeQL environment and databases. ☆64 · Aug 16, 2025 · Updated 6 months ago
- Further development of the JNDIbypass tool ☆15 · Dec 25, 2024 · Updated last year
- Updated version of a long known self deletion technique to work with 24H2. ☆61 · Jun 9, 2025 · Updated 8 months ago
- Creation and removal of Defender path exclusions and exceptions in C#. ☆32 · Nov 1, 2023 · Updated 2 years ago
- jeecgBoot vulnerability exploitation tool ☆47 · Feb 1, 2025 · Updated last year
- ☆10 · Updated this week
- Binary Hollowing ☆94 · Sep 10, 2024 · Updated last year
- sideloading PoC using onedrive.exe & version.dll ☆91 · Oct 30, 2025 · Updated 4 months ago
- A .NET Runtime for Cobalt Strike's Beacon Object Files ☆90 · Oct 13, 2024 · Updated last year
- (EDR) Dll Unhooking = kernel32.dll, kernelbase.dll, ntdll.dll, user32.dll, apphelp.dll, msvcrt.dll. ☆51 · May 22, 2025 · Updated 9 months ago
- Cobalt Strike BOF for beacon/shellcode injection using fork & run technique with Draugr synthetic stack frames ☆152 · Nov 23, 2025 · Updated 3 months ago
- Remote DLL Injection with Timer-based Shellcode Execution ☆154 · Jul 18, 2025 · Updated 7 months ago
- ☆108 · Aug 21, 2024 · Updated last year
- string/file/shellcode encryptor using AES/XOR ☆11 · Oct 15, 2023 · Updated 2 years ago
- ☆18 · Feb 13, 2026 · Updated 2 weeks ago
- In-memory loading of FRP ☆10 · Sep 11, 2023 · Updated 2 years ago
- ☆15 · Jul 21, 2025 · Updated 7 months ago
- Ready-made Windows Sandbox launch profiles and scripts that automate the routine ☆18 · Feb 1, 2023 · Updated 3 years ago
- Mooder is an open-source, secure, simple, and powerful internal knowledge-sharing platform for teams. ☆15 · Jul 3, 2025 · Updated 7 months ago
- Notes and code from studying Java security ☆78 · Feb 18, 2026 · Updated last week
- Exploitation of echo_driver.sys ☆170 · Sep 16, 2023 · Updated 2 years ago
- A Tool that aims to evade av with binary padding ☆161 · Jun 28, 2024 · Updated last year
- a BOF implementation of various registry persistence methods ☆94 · Nov 11, 2025 · Updated 3 months ago