An implementation of an indirect system call
☆132Aug 25, 2023Updated 2 years ago
Alternatives and similar repositories for PigSyscall
Users that are interested in PigSyscall are comparing it to the libraries listed below
Sorting:
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆721Jul 19, 2023Updated 2 years ago
- more conveniently Visual-Studio-BOF-template☆75Sep 12, 2023Updated 2 years ago
- Self Cleanup in post-ex job☆59Sep 10, 2024Updated last year
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆66May 2, 2023Updated 2 years ago
- BOF implementation of delete self poc that delete a locked executable or a currently running file from disk by its pid, path, or the curr…☆78Jul 23, 2023Updated 2 years ago
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven☆267Oct 16, 2024Updated last year
- Porting of BOF InlineExecute-Assembly to load .NET assembly in process but with patchless AMSI and ETW bypass using hardware breakpoint.☆278Apr 17, 2023Updated 2 years ago
- Implementation of Advanced Module Stomping and Heap/Stack Encryption☆225Jul 25, 2023Updated 2 years ago
- Just another version of the custom stack call from Proxy-Function-Calls-For-ETwTI☆34Mar 17, 2023Updated 3 years ago
- beta☆119Sep 24, 2024Updated last year
- Delete file regardless of whether the handle is used via SetFileInformationByHandle☆55Jul 1, 2023Updated 2 years ago
- .NET assembly loader with patchless AMSI and ETW bypass☆374Apr 19, 2023Updated 2 years ago
- 添加计划任务方法集合☆310Aug 6, 2023Updated 2 years ago
- Take a screenshot without injection for Cobalt Strike☆203Jun 7, 2023Updated 2 years ago
- Improved version of EKKO by @5pider that Encrypts only Image Sections☆125Feb 13, 2023Updated 3 years ago
- 关于RPC一些绕EDR的tips☆198Mar 3, 2023Updated 3 years ago
- Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE☆205Aug 25, 2023Updated 2 years ago
- Process injection alternative☆407Sep 6, 2024Updated last year
- Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms☆136Dec 20, 2022Updated 3 years ago
- A beacon object file implementation of PoolParty Process Injection Technique.☆438Dec 21, 2023Updated 2 years ago
- Library of BOFs to interact with SQL servers☆227Dec 3, 2025Updated 3 months ago
- ☆46Jun 25, 2024Updated last year
- C++ self-Injecting dropper based on various EDR evasion techniques.☆426Feb 11, 2024Updated 2 years ago
- Cobalt Strike + Brute Ratel C4 Beacon Object File (BOF) Conversion of the Mockingjay Process Injection Technique☆158Nov 7, 2023Updated 2 years ago
- Dumping LSASS with a duplicated handle from custom LSA plugin☆204Feb 23, 2022Updated 4 years ago
- A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk☆473Jul 6, 2024Updated last year
- A PoC implementation for dynamically masking call stacks with timers.☆308Feb 13, 2023Updated 3 years ago
- A little tool to play with Windows security☆12Jan 21, 2026Updated 2 months ago
- Implementation of Indirect Syscall technique to pop a calc.exe☆112Jan 25, 2024Updated 2 years ago
- A BOF that runs unmanaged PEs inline☆685Oct 23, 2024Updated last year
- Syscall免杀☆511Jun 21, 2024Updated last year
- UDRL for CS☆443Dec 3, 2023Updated 2 years ago
- Sleep Obfuscation☆824Dec 3, 2023Updated 2 years ago
- Generic PE loader for fast prototyping evasion techniques☆245Jul 2, 2024Updated last year
- Cobalt Strike BOF that Add a user to localgroup by samr☆135Nov 30, 2022Updated 3 years ago
- PE loader with various shellcode injection techniques☆450Oct 17, 2022Updated 3 years ago
- ☆83Nov 1, 2023Updated 2 years ago
- Implant drop-in for EDR testing☆147Nov 15, 2023Updated 2 years ago
- Its a coff loader ported to go( Modified by TimWhite )☆26Jul 17, 2023Updated 2 years ago