UmaRex01 / SysCallingLinks
SysCalling is an educational project demonstrating state-of-the-art syscall execution techniques for bypassing user-space EDR controls in a Windows x64 environment.
☆13Updated 8 months ago
Alternatives and similar repositories for SysCalling
Users that are interested in SysCalling are comparing it to the libraries listed below
Sorting:
- An ICMP channel for Beacons, implemented using Cobalt Strike’s External C2 framework.☆95Updated last month
- SharpSilentChrome is a C# project that "silently" installs browser extensions on Google Chrome or MS Edge by updating the browsers' Prefe…☆139Updated this week
- ☆81Updated last year
- ☆45Updated 3 months ago
- ☆142Updated 2 years ago
- Cobaltstrike Reflective Loader with Synthetic Stackframe☆128Updated 6 months ago
- Hijacks code execution via overwriting Control Flow Guard pointers in combase.dll☆127Updated 3 months ago
- ☆51Updated last year
- Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE☆206Updated last year
- ☆97Updated 11 months ago
- A basic C2 framework written in C☆60Updated last year
- ApexLdr is a DLL Payload Loader written in C☆111Updated last year
- A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike☆143Updated 2 weeks ago
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique☆157Updated last year
- PrimitiveInjection by using Read, Write and Allocation Primitives.☆46Updated last month
- TypeLib persistence technique☆119Updated 9 months ago
- In-memory sleep encryption and heap encryption for Go applications through a shellcode function.☆39Updated last year
- A simple Sleepmask BOF example☆132Updated 2 months ago
- Robust Cobalt Strike shellcode loader with multiple advanced evasion features☆169Updated 3 months ago
- Cobalt Strike beacon object file implementation for trusted path UAC bypass. The target executable will be called without involving "cmd.…☆140Updated 3 years ago
- A C# port from Invoke-GhostTask☆117Updated last year
- CVE-2024-40711-exp☆42Updated 9 months ago
- ☆116Updated 6 months ago
- Modified versions of the Cobalt Strike Process Injection Kit☆99Updated last year
- Reflective shellcode loaderwith advanced call stack spoofing and .NET support.☆193Updated last month
- Use the Netlogon Remote Protocol (MS-NRPC) to dump the target hash.☆58Updated 5 months ago
- A .NET Runtime for Cobalt Strike's Beacon Object Files☆80Updated 9 months ago
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆84Updated 2 years ago
- ☆90Updated last year
- Help red teams find opsec processes during engagements☆42Updated 8 months ago