janoglezcampos / c_syscalls
Single stub direct and indirect syscalling with runtime SSN resolving for windows.
☆126Updated 2 years ago
Related projects: ⓘ
- A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge …☆151Updated last year
- ☆132Updated last year
- Experiment on reproducing Obfuscate & Sleep☆136Updated 3 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space☆120Updated last year
- ☆100Updated this week
- ☆97Updated last year
- Patch AMSI and ETW in remote process via direct syscall☆78Updated 2 years ago
- Malware?☆69Updated 2 months ago
- ☆99Updated this week
- The code is a pingback to the Dark Vortex blog:☆162Updated last year
- ☆87Updated this week
- Building and Executing Position Independent Shellcode from Object Files in Memory☆154Updated 3 years ago
- ☆161Updated 2 years ago
- Overwrite a process's recovery callback and execute with WER☆100Updated 2 years ago
- ☆107Updated this week
- Load a dynamic library from memory by modifying the native Windows loader☆198Updated 11 months ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆79Updated last year
- Files for http://blog.deniable.org/posts/windows-callbacks/☆67Updated 2 years ago
- Code used in this post https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html☆97Updated 2 years ago
- A Poc on blocking Procmon from monitoring network events☆96Updated 2 years ago
- Cobalt Strike User Defined Reflective Loader (UDRL). Check branches for different functionality.☆134Updated 2 years ago
- Implant drop-in for EDR testing☆126Updated 10 months ago
- ☆105Updated last year
- It's pointy and it hurts!☆120Updated last year
- LdrLoadDll Unhooking☆114Updated 2 years ago
- Use hardware breakpoints to spoof the call stack for both syscalls and API calls☆177Updated 3 months ago
- ☆74Updated 3 weeks ago
- A improved memory obfuscation primitive using a combination of special and 'normal' Asynchronous Procedural Calls☆99Updated this week
- Small PoC of using a Microsoft signed executable as a lolbin.☆131Updated last year
- Simple BOF to read the protection level of a process☆101Updated last year