Alternatives and similar repositories for Indirect-Syscalls

Users that are interested in Indirect-Syscalls are comparing it to the libraries listed below

• Vith0r / Patch-Amsi
  Bypassing amsi.dll via memory patch, simple code!
  ☆13Updated last year
• jakydibe / Zone
  ☆17Updated 4 months ago
• V-i-x-x / kernel-callback-removal
  kernel callback removal (Bypassing EDR Detections)
  ☆211Updated 2 months ago
• hasherezade / waiting_thread_hijacking
  Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
  ☆262Updated 5 months ago
• susMdT / LoudSunRun
  Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
  ☆253Updated last year
• WKL-Sec / LayeredSyscall
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆296Updated last year
• T3nb3w / ComDotNetExploit
  A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
  ☆332Updated 11 months ago
• 0xHossam / KernelCallbackTable-Injection-PoC
  Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…
  ☆269Updated last year
• 0xflux / Hells-Hollow
  Hells Hollow Windows 11 Rootkit technique to Hook the SSDT via Alt Syscalls
  ☆213Updated 5 months ago
• Maldev-Academy / LsassHijackingViaReg
  Injecting DLL into LSASS at boot
  ☆156Updated 9 months ago
• hwbp / CLR-Unhook
  Modern security products (CrowdStrike, Bitdefender, SentinelOne, etc.) hook the nLoadImage function inside clr.dll to intercept and scan …
  ☆201Updated 2 months ago
• janoglezcampos / llvm-yx-callobfuscator
  LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
  ☆321Updated 2 years ago
• NtDallas / KrakenMask
  Sleep obfuscation
  ☆265Updated last year
• GB102 / VirtualEXploiter
  VFGadget locator to facilitate Counterfeit Object-Oriented Programming (COOP) and Loop-Oriented Programming (LOP) attacks to bypass advan…
  ☆23Updated 10 months ago
• xrombar / flower
  a modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor
  ☆107Updated last year
• rad9800 / hwbp4mw
  ☆274Updated 3 years ago
• dobin / RedEdr
  Collect Windows telemetry for Maldev
  ☆455Updated last week
• VirtualAlllocEx / Direct-Syscalls-vs-Indirect-Syscalls
  The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
  ☆225Updated 2 years ago
• TwoSevenOneT / CreateProcessAsPPL
  This is the loader that supports running a program with Protected Process Light (PPL) protection functionality.
  ☆294Updated 3 months ago
• 0xJs / BYOVD_read_write_primitive
  Proof of Concepts code for Bring Your Own Vulnerable Driver techniques
  ☆204Updated 5 months ago
• paskalian / WID_LoadLibrary
  Reverse engineering winapi function loadlibrary.
  ☆232Updated 2 years ago
• dslee2022 / SignatureKid
  ☆391Updated 7 months ago
• Kudaes / Eclipse
  Activation Context Hijack
  ☆169Updated 6 months ago
• ColeHouston / Sunder
  Windows rootkit designed to work with BYOVD exploits
  ☆214Updated last year
• kleiton0x00 / Proxy-DLL-Loads
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆408Updated last month
• klezVirus / DriverJack
  Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
  ☆358Updated last year
• hasherezade / thread_namecalling
  Process Injection using Thread Name
  ☆297Updated 9 months ago
• Friends-Security / RedirectThread
  Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…
  ☆198Updated 7 months ago
• Teach2Breach / moonwalk
  find dll base addresses without PEB WALK
  ☆157Updated 6 months ago
• rbmm / SC_DEMO
  ☆125Updated 2 months ago