Alternatives and similar repositories for Hunt-Weird-Syscalls

Users that are interested in Hunt-Weird-Syscalls are comparing it to the libraries listed below

• gabriellandau / EDRSandblast-GodFault
  EDRSandblast-GodFault
  ☆266Updated last year
• xalicex / Killers
  Exploitation of process killer drivers
  ☆201Updated last year
• mansk1es / GhostFart
  ☆136Updated 2 years ago
• uf0o / windows-ps-callbacks-experiments
  Files for http://blog.deniable.org/posts/windows-callbacks/
  ☆76Updated 3 years ago
• RedTeamOperations / VEH-PoC
  ☆114Updated 2 years ago
• y11en / FOLIAGE
  Experiment on reproducing Obfuscate & Sleep
  ☆145Updated 4 years ago
• joe-desimone / patriot
  ☆142Updated 2 years ago
• NetSPI / BOF-PE
  An example reference design for a proposed BOF PE
  ☆175Updated 2 months ago
• paranoidninja / Proxy-DLL-Loads
  The code is a pingback to the Dark Vortex blog:
  ☆177Updated 2 years ago
• pathtofile / SealighterTI
  Combining Sealighter with unpatched exploits to run the Threat-Intelligence ETW Provider
  ☆176Updated 2 years ago
• Cobalt-Strike / CallStackMasker
  A PoC implementation for dynamically masking call stacks with timers.
  ☆277Updated 2 years ago
• klezVirus / RpcProxyInvoke
  Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar
  ☆130Updated 10 months ago
• waldo-irc / MalMemDetect
  Detect strange memory regions and DLLs
  ☆184Updated 3 years ago
• SaadAhla / ntdlll-unhooking-collection
  different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)
  ☆194Updated last year
• fortra / hw-call-stack
  Use hardware breakpoints to spoof the call stack for both syscalls and API calls
  ☆196Updated last year
• Friends-Security / RedirectThread
  Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…
  ☆170Updated last week
• paranoidninja / Proxy-Function-Calls-For-ETwTI
  The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/
  ☆187Updated 2 years ago
• 0prrr / Malwear-Sweet
  Malware?
  ☆70Updated 8 months ago
• LloydLabs / ntqueueapcthreadex-ntdll-gadget-injection
  This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …
  ☆248Updated 2 years ago
• YOLOP0wn / EchoDrv
  Exploitation of echo_driver.sys
  ☆170Updated last year
• WKL-Sec / LayeredSyscall
  Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR …
  ☆261Updated 10 months ago
• NUL0x4C / EtwSessionHijacking
  A Poc on blocking Procmon from monitoring network events
  ☆103Updated 2 years ago
• NVISOsecurity / Interceptor
  Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space
  ☆123Updated 2 years ago
• JanielDary / ImmoralFiber
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆265Updated 9 months ago
• lem0nSec / CreateRemoteThreadPlus
  CreateRemoteThread: how to pass multiple parameters to the remote thread function without shellcode.
  ☆133Updated last year
• scrt / avdebugger
  ☆96Updated 3 years ago
• CognisysGroup / SweetDreams
  Implementation of Advanced Module Stomping and Heap/Stack Encryption
  ☆218Updated last year
• NUL0x4C / DeleteShadowCopies
  Deleting Shadow Copies In Pure C++
  ☆114Updated 2 years ago
• susMdT / LoudSunRun
  Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven
  ☆229Updated 8 months ago
• Idov31 / Jormungandr
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆231Updated last year