SysCalling is an educational project demonstrating state-of-the-art syscall execution techniques for bypassing user-space EDR controls in a Windows x64 environment.
☆14 Dec 8, 2024 Updated last year
Alternatives and similar repositories for SysCalling
Users that are interested in SysCalling are comparing it to the libraries listed below
- Batch-generates PE files with modified icons, digital signatures, and detailed descriptions ☆19 Aug 20, 2024 Updated last year
- ☆26 Jan 10, 2019 Updated 7 years ago
- ☆23 Jan 9, 2019 Updated 7 years ago
- Self-cleaning in-memory PICO loader for Crystal Palace. Automatically erases traces and operates entirely in memory for stealthy payload … ☆51 Nov 2, 2025 Updated 4 months ago
- BOF to run PE in Cobalt Strike Beacon without console creation ☆188 Nov 23, 2025 Updated 3 months ago
- Software for tormenting classmates ☆16 Aug 15, 2022 Updated 3 years ago
- ☆65 Dec 19, 2024 Updated last year
- Secondary development of the JNDIbypass tool ☆15 Dec 25, 2024 Updated last year
- ☆36 Aug 21, 2024 Updated last year
- A method to execute syscalls while bypassing EDR's function hooking and call stack analysis. ☆25 Apr 24, 2025 Updated 10 months ago
- Simulated PoC for CVE-2025-2783 — a sandbox escape vulnerability in Chrome's Mojo IPC. Includes phishing delivery, memory fuzzing, IPC si… ☆31 Apr 6, 2025 Updated 11 months ago
- Kernel R&D | SysWhispers & HellsGate Successor, fully modular Indirect & Direct Syscall Framework - EDR/AV/AC Capability Platform ☆40 Mar 1, 2026 Updated 2 weeks ago
- Execute commands, in/exfiltrate files using your custom RPC Server ☆66 Jan 13, 2026 Updated 2 months ago
- Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process ☆49 Mar 15, 2023 Updated 3 years ago
- Custom plugin for Godzilla that receives a Base64-encoded malicious class and the class name and instantiates it, in order to inject any type of memory shell. ☆44 Dec 30, 2025 Updated 2 months ago
- A .NET Runtime for Cobalt Strike's Beacon Object Files ☆91 Oct 13, 2024 Updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆301 Jul 31, 2024 Updated last year
- Load FRP in memory ☆10 Sep 11, 2023 Updated 2 years ago
- ☆29 May 10, 2024 Updated last year
- A Python3 tool for large-scale site-weight lookups; currently supports single and large-scale site-weight queries plus some company information. It helps vulnerability submitters quickly find out whether a site has any weight, along with site information, so they can submit vulnerabilities quickly. ☆17 Sep 14, 2021 Updated 4 years ago
- a BOF implementation of various registry persistence methods ☆95 Nov 11, 2025 Updated 4 months ago
- BOF template with boflink and mutator kit support ☆49 Jan 8, 2026 Updated 2 months ago
- A browser based visualization of domain trusts. Give it a csv, get a pretty diagram to play with! ☆19 Jun 16, 2019 Updated 6 years ago
- A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow ☆18 Jun 26, 2025 Updated 8 months ago
- Check if your AV/EDR does inline hooking, displays the hooked functions and allows you to compare them with the original ones. ☆37 Apr 24, 2025 Updated 10 months ago
- Implementing Ghostly-Hollowing using tampered syscalls for remote PE injection ☆72 Dec 26, 2025 Updated 2 months ago
- Pritunl Zero Docker image ☆18 Nov 12, 2025 Updated 4 months ago
- CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate) ☆30 Dec 31, 2021 Updated 4 years ago
- ☆13 Mar 29, 2021 Updated 4 years ago
- AV-evasion shellcode ☆14 Sep 8, 2021 Updated 4 years ago
- A tool that makes it easy to set up your own codeql environment and databases. ☆64 Aug 16, 2025 Updated 7 months ago
- Log all keyboard and terminal input/output for any app ☆23 Sep 19, 2025 Updated 6 months ago
- Asset mapping with output to an xlsx spreadsheet ☆14 Sep 10, 2024 Updated last year
- sideloading PoC using onedrive.exe & version.dll ☆93 Oct 30, 2025 Updated 4 months ago
- jeecgBoot vulnerability exploitation tool ☆47 Feb 1, 2025 Updated last year
- Just a nice little shellcode loader using unconventional methods to avoid using signatured APIs ☆24 Jul 11, 2025 Updated 8 months ago
- Web interface for monitoring and interacting with Netflow data stored in Silk repositories. ☆13 Mar 24, 2019 Updated 6 years ago
- Creation and removal of Defender path exclusions and exceptions in C#. ☆32 Nov 1, 2023 Updated 2 years ago
- kill windows log ☆45 Mar 26, 2024 Updated last year