Transparently call NTAPI via Halo's Gate with indirect syscalls.
☆15 · Apr 26, 2024 · Updated last year
Alternatives and similar repositories for NtGate
Users that are interested in NtGate are comparing it to the libraries listed below
- BadExclusions is a tool to identify custom or undocumented folder exclusions on AV/EDR ☆21 · Feb 8, 2024 · Updated 2 years ago
- NTAPI hook bypass with (semi) legit stack trace ☆19 · May 9, 2023 · Updated 2 years ago
- Bypassing AV, EDR, Application Whitelisting and ASR Rules ☆13 · Apr 18, 2023 · Updated 2 years ago
- Various methods of executing shellcode ☆74 · Mar 27, 2023 · Updated 2 years ago
- C2 redirector as a web API ☆10 · May 22, 2021 · Updated 4 years ago
- Direct syscalls Injection to bypass AV/EDR ☆11 · May 18, 2024 · Updated last year
- ☆13 · Jun 22, 2017 · Updated 8 years ago
- Cobalt Strike Beacon Object File (BOF) that uses RegConnectRegistryA + RegOpenKeyExA API to dump registry hives on remote computer ☆17 · Mar 4, 2023 · Updated 3 years ago
- Excel Add In Payload Generator ☆14 · Oct 9, 2023 · Updated 2 years ago
- Library of BOFs to interact with SQL servers ☆16 · Dec 6, 2024 · Updated last year
- EventLogSilencer is a PowerShell script designed to disable Windows Event Logging ☆18 · Oct 28, 2023 · Updated 2 years ago
- A Multilayered AV/EDR Evasion Framework and AV Testing Tool. ☆18 · Jun 28, 2025 · Updated 8 months ago
- MalDev & AV-EDR Evasion for Pentesters ☆20 · Feb 17, 2023 · Updated 3 years ago
- Beacon Object Files used for Cobalt Strike ☆19 · Jul 18, 2023 · Updated 2 years ago
- A mechanism that trampoline hooks functions in x86/x64 systems. ☆21 · Oct 9, 2024 · Updated last year
- ☆23 · Oct 19, 2023 · Updated 2 years ago
- Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low… ☆148 · May 6, 2023 · Updated 2 years ago
- Artemis - C++ Hell's Gate Syscall Implementation ☆34 · Aug 16, 2023 · Updated 2 years ago
- Go Shellcode Loader to be Integrated in Exploration C2 ☆27 · Feb 7, 2025 · Updated last year
- Terminate AV/EDR leveraging BYOVD attack ☆104 · Mar 21, 2025 · Updated 11 months ago
- Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures" ☆31 · Jan 14, 2023 · Updated 3 years ago
- A tool written in golang which compress using UPX and patch it with the provided PE file to make "UPX -d" flag impossible to decompress a… ☆31 · Jan 2, 2025 · Updated last year
- A pure C version of SymProcAddress ☆30 · Mar 17, 2024 · Updated last year
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol… ☆71 · Feb 11, 2024 · Updated 2 years ago
- Impacket is a collection of Python classes for working with network protocols. ☆31 · Jun 27, 2024 · Updated last year
- Inject shellcode into process via "EarlyBird" ☆26 · Aug 30, 2021 · Updated 4 years ago
- ☆65 · Nov 12, 2022 · Updated 3 years ago
- Little program written in C# to bypass EDR hooks and dump the content of the lsass process ☆61 · Jun 24, 2021 · Updated 4 years ago
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class ☆27 · Sep 15, 2023 · Updated 2 years ago
- NimReflectiveLoader is a Nim-based tool for in-memory DLL execution using Reflective DLL Loading. ☆31 · Jan 21, 2024 · Updated 2 years ago
- API hooking and code injection made easy! ☆40 · Aug 22, 2023 · Updated 2 years ago
- I will be uploading all the codes which I created with the help of either open-source projects or blogs. This is a step by step EDR learning … ☆287 · Aug 1, 2025 · Updated 7 months ago
- A powerful, extremely lightweight, encrypted port forwarder built on a reliable UDP transport. ☆40 · Feb 18, 2026 · Updated 2 weeks ago
- My adventures in learning about different userland malware techniques, such as syscalls, injection, unhooking or sandbox evasion. ☆79 · Jan 10, 2024 · Updated 2 years ago
- SharpDir is a simple code set to search both local and remote file systems for files and is compatible with Cobalt Strike. ☆30 · Jul 4, 2019 · Updated 6 years ago
- shellcode-loaders and beacon-loaders ☆72 · Nov 7, 2023 · Updated 2 years ago
- Rat Inject is a C++ Executable to gain Undetectable Persistence in Windows via 4 Registry Keys ☆32 · Nov 29, 2022 · Updated 3 years ago
- x64 Assembly HalosGate direct System Caller to evade EDR UserLand hooks ☆235 · Mar 8, 2023 · Updated 2 years ago
- Linux Process Injection via Seccomp Notifier ☆84 · Dec 9, 2025 · Updated 2 months ago