Alternatives and similar repositories for direct-syscall:

Users that are interested in direct-syscall are comparing it to the libraries listed below

• LloydLabs / process-enumeration-stealth
  ☆80Updated 5 months ago
• zimnyaa / insomnia
  a stage1 DLL loader with sleep obfuscation
  ☆35Updated 2 years ago
• knight0x07 / BumbleCrypt
  A Bumblebee-inspired Crypter
  ☆80Updated 2 years ago
• RobinFassinaMoschiniForks / TransitionalPeriod
  Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits
  ☆27Updated 2 years ago
• xalicex / Get-DLL-and-Function-Addresses
  GetModuleHandle (via PEB) and GetProcAddress (via EAT) like
  ☆32Updated 3 years ago
• LloydLabs / dearg-thread-ipc-stealth
  A novel technique to communicate between threads using the standard ETHREAD structure
  ☆110Updated 3 years ago
• passthehashbrowns / suspendedunhook
  ☆37Updated 3 years ago
• xalicex / Unhook-Import-Address-Table
  Piece of code to detect and remove hooks in IAT
  ☆62Updated 2 years ago
• s4dbrd / ETWReader
  Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich
  ☆14Updated 7 months ago
• maziland / StackBombing
  Next gen process injection technique
  ☆44Updated 4 years ago
• SolomonSklash / UnhookingPOC
  A small commented POC for removing API hooks placed by AV/EDR.
  ☆33Updated 4 years ago
• crummie5 / Freshycalls_PoC
  A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯
  ☆40Updated 4 years ago
• thefLink / Hunt-Weird-ImageLoads
  Small tool to play with IOCs caused by Imageload events
  ☆42Updated last year
• rad9800 / VehApiResolve
  ☆106Updated 2 years ago
• zimnyaa / LEOPARDSEAL
  A simple Linux in-memory .so loader
  ☆29Updated last year
• fern89 / runpe-x64
  RunPE adapted for x64 and written in C, does not use RWX
  ☆23Updated 9 months ago
• SolomonSklash / SeasideBishop
  A C port of b33f's UrbanBishop
  ☆38Updated 4 years ago
• susMdT / effective-waffle
  yet another sleep encryption thing. also used the default github repo name for this one.
  ☆70Updated last year
• 0xTriboulet / Cycotic
  A python polymorphic engine for C programs
  ☆12Updated last year
• SECFORCE / SharpASM
  SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections a…
  ☆57Updated 2 years ago
• xenoscr / manual-syscall-detect
  A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.
  ☆107Updated 3 years ago
• connormcgarr / EATGuard
  Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)
  ☆96Updated last year
• janoglezcampos / FindItByCalls
  Hacky code for extracting calls in DLLs by function
  ☆14Updated 2 years ago
• waldo-irc / JYang
  ☆14Updated 2 years ago
• AlionGreen / apc-injection
  Process Injection: APC Injection
  ☆29Updated 4 years ago
• yamakadi / ldr
  A work in progress BOF/COFF loader in Rust
  ☆47Updated last year
• DanielAvinoam / TheSubZeroProject
  A multi-staged malware that contains a kernel mode rootkit and a remote system shell.
  ☆72Updated 3 years ago
• lem0nSec / Dsebler
  Reimplementation of the KExecDD DSE bypass technique.
  ☆46Updated 5 months ago
• DGRonpa / Process_Injection
  ☆28Updated 3 years ago
• GetRektBoy724 / Breaking-Detecting-Direct-Syscall-Techniques
  A repository filled with ideas to break/detect direct syscall techniques
  ☆27Updated 2 years ago