VirtualAlllocEx / Direct-Syscalls-A-journey-from-high-to-low
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
☆133Updated last year
Alternatives and similar repositories for Direct-Syscalls-A-journey-from-high-to-low:
Users that are interested in Direct-Syscalls-A-journey-from-high-to-low are comparing it to the libraries listed below
- A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (…☆169Updated last year
- POC for frustrating/defeating Malware Analysts☆155Updated 2 years ago
- ☆180Updated last year
- ☆134Updated last year
- An App Domain Manager Injection DLL PoC on steroids☆164Updated last year
- An x64 position-independent shellcode stager that verifies the stage it retrieves prior to execution☆169Updated 2 months ago
- Generic PE loader for fast prototyping evasion techniques☆191Updated 6 months ago
- EDRSandblast-GodFault☆248Updated last year
- CobaltWhispers is an aggressor script that utilizes a collection of Beacon Object Files (BOF) for Cobalt Strike to perform process inject…☆231Updated 2 years ago
- Building and Executing Position Independent Shellcode from Object Files in Memory☆154Updated 4 years ago
- Patch AMSI and ETW☆234Updated 8 months ago
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge …☆172Updated last year
- Beacon Object File Loader☆282Updated last year
- ☆113Updated last year
- A Visual Studio template used to create Cobalt Strike BOFs☆289Updated 3 years ago
- Payload for DLL sideloading of the OneDriveUpdater.exe, based on the PaloAltoNetwork Unit42's blog post☆88Updated 2 years ago
- Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…☆219Updated 4 months ago
- Exploitation of process killer drivers☆195Updated last year
- A Stealthy Lsass Dumper - can abuse ProcExp152.sys driver to dump PPL Lsass, no dbghelp.lib calls.☆318Updated 2 years ago
- Do some DLL SideLoading magic☆77Updated last year
- different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)☆184Updated last year
- A variation of ProcessOverwriting to execute shellcode on an executable's section☆147Updated last year
- CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking☆222Updated last year
- C# porting of SysWhispers2. It uses SharpASM to find the code caves for executing the system call stub.☆104Updated last year
- ShellWasp is a tool to help build shellcode that utilizes Windows syscalls, while overcoming the portability problem associated with Wind…☆165Updated last year
- Your syscall factory☆122Updated 2 weeks ago
- Lateral Movement Using DCOM and DLL Hijacking☆282Updated last year
- Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2☆290Updated last year
- A PoC implementation for dynamically masking call stacks with timers.☆263Updated last year
- A basic emulation of an "RPC Backdoor"☆238Updated 2 years ago