evilashz/PigSyscall

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/evilashz/PigSyscall)

evilashz / PigSyscall

An implementation of an indirect system call

☆132

Alternatives and similar repositories for PigSyscall

Users that are interested in PigSyscall are comparing it to the libraries listed below

Sorting:

Dec0ne / HWSyscalls
View on GitHub
HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
☆718Jul 19, 2023Updated 2 years ago
WKL-Sec / StackMask
View on GitHub
A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.
☆66May 2, 2023Updated 2 years ago
CBLabresearch / PhantomExecution
View on GitHub
Self Cleanup in post-ex job
☆59Sep 10, 2024Updated last year
evilashz / Visual-Studio-BOF-template
View on GitHub
more conveniently Visual-Studio-BOF-template
☆75Sep 12, 2023Updated 2 years ago
CICADA8-Research / IHxExec
View on GitHub
Process injection alternative
☆406Sep 6, 2024Updated last year
TianNaYa / ProxyDll
View on GitHub
beta
☆120Sep 24, 2024Updated last year
VoldeSec / PatchlessInlineExecute-Assembly
View on GitHub
Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.
☆277Apr 17, 2023Updated 2 years ago
AgeloVito / self_delete_bof
View on GitHub
BOF implementation of delete self poc that delete a locked executable or a currently running file from disk by its pid, path, or the curr…
☆78Jul 23, 2023Updated 2 years ago
evilashz / ProxyAPICall
View on GitHub
Just another version of the custom stack call from Proxy-Function-Calls-For-ETwTI
☆34Mar 17, 2023Updated 2 years ago
CognisysGroup / SweetDreams
View on GitHub
Implementation of Advanced Module Stomping and Heap/Stack Encryption
☆225Jul 25, 2023Updated 2 years ago
VoldeSec / PatchlessCLRLoader
View on GitHub
.NET assembly loader with patchless AMSI and ETW bypass
☆368Apr 19, 2023Updated 2 years ago
susMdT / LoudSunRun
View on GitHub
Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
☆261Oct 16, 2024Updated last year
Octoberfest7 / MemFiles
View on GitHub
A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
☆473Jul 6, 2024Updated last year
baiyies / ScreenshotBOFPlus
View on GitHub
Take a screenshot without injection for Cobalt Strike
☆203Jun 7, 2023Updated 2 years ago
Tw1sm / SQL-BOF
View on GitHub
Library of BOFs to interact with SQL servers
☆223Dec 3, 2025Updated 3 months ago
0xEr3bus / PoolPartyBof
View on GitHub
A beacon object file implementation of PoolParty Process Injection Technique.
☆434Dec 21, 2023Updated 2 years ago
pard0p / CallstackSpoofingPOC
View on GitHub
C++ self-Injecting dropper based on various EDR evasion techniques.
☆427Feb 11, 2024Updated 2 years ago
M0nster3 / RpcsDemo
View on GitHub
关于RPC一些绕EDR的tips
☆198Mar 3, 2023Updated 2 years ago
CymulateResearch / Blindside
View on GitHub
Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms
☆136Dec 20, 2022Updated 3 years ago
Hagrid29 / DuplicateDump
View on GitHub
Dumping LSASS with a duplicated handle from custom LSA plugin
☆204Feb 23, 2022Updated 4 years ago
fortra / No-Consolation
View on GitHub
A BOF that runs unmanaged PEs inline
☆681Oct 23, 2024Updated last year
Hagrid29 / PELoader
View on GitHub
PE loader with various shellcode injection techniques
☆449Oct 17, 2022Updated 3 years ago
evilashz / PigScheduleTask
View on GitHub
添加计划任务方法集合
☆309Aug 6, 2023Updated 2 years ago
huaigu4ng / SysWhispers3WinHttp
View on GitHub
Syscall免杀
☆511Jun 21, 2024Updated last year
SaadAhla / D1rkSleep
View on GitHub
Improved version of EKKO by @5pider that Encrypts only Image Sections
☆125Feb 13, 2023Updated 3 years ago
Cracked5pider / KaynStrike
View on GitHub
UDRL for CS
☆444Dec 3, 2023Updated 2 years ago
Octoberfest7 / CVE-2023-36874_BOF
View on GitHub
Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE
☆205Aug 25, 2023Updated 2 years ago
ewby / Mockingjay_BOF
View on GitHub
Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique
☆158Nov 7, 2023Updated 2 years ago
paranoidninja / Proxy-Function-Calls-For-ETwTI
View on GitHub
The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/
☆210Jan 29, 2023Updated 3 years ago
Cracked5pider / Ekko
View on GitHub
Sleep Obfuscation
☆816Dec 3, 2023Updated 2 years ago
Sndav / coffee
View on GitHub
Coffee is a loader for ELF (Executable and Linkable Format) object files written in Rust. Coffee是一个用Rust语言编写的ELF object文件的加载器
☆63Apr 29, 2024Updated last year
Cobalt-Strike / CallStackMasker
View on GitHub
A PoC implementation for dynamically masking call stacks with timers.
☆309Feb 13, 2023Updated 3 years ago
seventeenman / SelfDel-BOF
View on GitHub
Delete file regardless of whether the handle is used via SetFileInformationByHandle
☆55Jul 1, 2023Updated 2 years ago
ScriptIdiot / sleepmask_ekko_cfg
View on GitHub
Code snippets to add on top of cobalt strike sleepmask kit so that ekko can work in a CFG protected process
☆49Mar 15, 2023Updated 2 years ago
Kudaes / EPI
View on GitHub
Threadless Process Injection through entry point hijacking
☆350Sep 10, 2024Updated last year
lem0nSec / ShellGhost
View on GitHub
A memory-based evasion technique which makes shellcode invisible from process start to end.
☆1,198Oct 16, 2023Updated 2 years ago
naksyn / DojoLoader
View on GitHub
Generic PE loader for fast prototyping evasion techniques
☆244Jul 2, 2024Updated last year
WKL-Sec / Malleable-CS-Profiles
View on GitHub
A list of python tools to help create an OPSEC-safe Cobalt Strike profile.
☆512May 19, 2025Updated 9 months ago
antonioCoco / SspiUacBypass
View on GitHub
Bypassing UAC with SSPI Datagram Contexts
☆461Sep 24, 2023Updated 2 years ago