Alternatives and similar repositories for Indirect-Syscalls

Users that are interested in Indirect-Syscalls are comparing it to the libraries listed below

• Vith0r / Patch-Amsi
  Bypassing amsi.dll via memory patch, simple code!
  ☆12Updated 11 months ago
• jakydibe / Zone
  ☆17Updated last month
• V-i-x-x / kernel-callback-removal
  kernel callback removal (Bypassing EDR Detections)
  ☆193Updated 6 months ago
• dobin / RedEdr
  Collect Windows telemetry for Maldev
  ☆426Updated 3 weeks ago
• Kirandawadi / volatility3-mcp
  Volatility3 MCP Server for automating Memory Forensics
  ☆12Updated 3 months ago
• dslee2022 / SignatureKid
  ☆363Updated 4 months ago
• BlackSnufkin / BYOVD
  BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology. (CVE-2025-52915, CVE-2025-1055,).
  ☆396Updated last month
• hasherezade / waiting_thread_hijacking
  Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
  ☆246Updated last month
• GB102 / VirtualEXploiter
  VFGadget locator to facilitate Counterfeit Object-Oriented Programming (COOP) and Loop-Oriented Programming (LOP) attacks to bypass advan…
  ☆18Updated 7 months ago
• rtecCyberSec / Packer_Development
  Slides & Code snippets for a workshop held @ x33fcon 2024
  ☆271Updated last year
• T3nb3w / ComDotNetExploit
  A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
  ☆323Updated 7 months ago
• rad9800 / BootExecuteEDR
  ☆403Updated 10 months ago
• vxCrypt0r / Voidmaw
  A new technique that can be used to bypass memory scanners. This can be useful in hiding problematic code (such as reflective loaders imp…
  ☆331Updated last year
• Maldev-Academy / LsassHijackingViaReg
  Injecting DLL into LSASS at boot
  ☆143Updated 5 months ago
• klezVirus / DriverJack
  Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
  ☆353Updated last year
• tijme / dittobytes
  Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.
  ☆532Updated last month
• Offensive-Panda / RWX_MEMEORY_HUNT_AND_INJECTION_DV
  Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
  ☆288Updated last year
• rad9800 / hwbp4mw
  ☆265Updated 2 years ago
• hasherezade / thread_namecalling
  Process Injection using Thread Name
  ☆282Updated 6 months ago
• janoglezcampos / llvm-yx-callobfuscator
  LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
  ☆315Updated last year
• ZeroMemoryEx / CVE-2025-26125
  ( 0day ) Local Privilege Escalation in IObit Malware Fighter
  ☆157Updated 6 months ago
• 0xHossam / KernelCallbackTable-Injection-PoC
  Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…
  ☆234Updated 11 months ago
• cocomelonc / meow
  Cybersecurity research results. Simple C/C++ and Python implementations
  ☆265Updated this week
• Cracked5pider / earlycascade-injection
  early cascade injection PoC based on Outflanks blog post
  ☆232Updated 11 months ago
• susMdT / LoudSunRun
  Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
  ☆244Updated last year
• ColeHouston / Sunder
  Windows rootkit designed to work with BYOVD exploits
  ☆210Updated 9 months ago
• deepinstinct / DCOMUploadExec
  DCOM Lateral movement POC abusing the IMsiServer interface - uploads and executes a payload remotely
  ☆378Updated 10 months ago
• Maldev-Academy / MaldevAcademyLdr.2
  RunPE implementation with multiple evasive techniques
  ☆214Updated 3 weeks ago
• NtDallas / KrakenMask
  Sleep obfuscation
  ☆243Updated 10 months ago
• 0xNinjaCyclone / EarlyCascade
  A PoC for Early Cascade process injection technique.
  ☆198Updated 8 months ago