evilashz / PigSyscallLinks
An implementation of an indirect system call
☆127Updated last year
Alternatives and similar repositories for PigSyscall
Users that are interested in PigSyscall are comparing it to the libraries listed below
Sorting:
- shellcode生成框架☆86Updated 10 months ago
- Beacon compiled using clang☆69Updated 2 years ago
- Evasive loader to bypass static detection☆60Updated last year
- It stinks☆102Updated 3 years ago
- vehsyscall:a syscall project that may bypass EDR☆59Updated last year
- A basic C2 framework written in C☆60Updated 10 months ago
- A method to execute syscalls while bypassing EDR's function hooking and call stack analysis.☆14Updated last month
- Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique☆63Updated 2 years ago
- Amaterasu terminates, or inhibits, protected processes such as application control and AV/EDR solutions by leveraging the Sysinternals Pr…☆72Updated last year
- A Simple PoC☆21Updated last year
- more conveniently Visual-Studio-BOF-template☆65Updated last year
- Section Mapping Process Injection modified with SysWhisper2 (sw2-secinject): Cobalt Strike BOF☆42Updated 2 years ago
- ☆26Updated last year
- ☆47Updated last year
- Self Cleanup in post-ex job☆55Updated 8 months ago
- ☆30Updated last year
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.☆47Updated last year
- bring your own vulnerable driver☆96Updated 2 years ago
- Kill Protected Process Light Process (include av)☆56Updated last year
- Windows Defender VDM lua collections☆47Updated 2 years ago
- Load static-compiled PE from remote server.☆62Updated 3 years ago
- CLIPBRDWNDCLASS process injection technique(BOF) - execute beacon shellcode in callback☆69Updated 2 years ago
- Indirect NT syscalls LSASS dumper.☆44Updated last year
- Beacon Object File (BOF) Template☆51Updated 6 months ago
- ☆15Updated 2 years ago
- 自定义函数堆栈,从而绕过ETW检测,这个是完整版。☆14Updated last year
- Implementation of Indirect Syscall technique to pop a calc.exe☆102Updated last year
- A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process☆103Updated 2 years ago
- UAC Bypass using UIAccess program QuickAssist☆99Updated 3 months ago
- Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…☆49Updated last year