x42en/sysplant external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

x42en/sysplant

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/x42en/sysplant)

Close

x42en / sysplantView on GitHubMore

• External links
• Readme badge

Your Windows syscall hooking factory - feat Canterlot's Gate - All accessible over MCP

☆127Mar 19, 2026Updated last week

Alternatives and similar repositories for sysplant

Users that are interested in sysplant are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• itaymigdal / GhostNap

  View on GitHub
  Sleep obfuscation for shellcode implants and their reflective shit
  ☆53Sep 19, 2023Updated 2 years ago
• itaymigdal / PartyLoader

  View on GitHub
  Threadless shellcode injection tool
  ☆68Aug 5, 2024Updated last year
• frkngksl / NimExec

  View on GitHub
  Fileless Command Execution for Lateral Movement in Nim
  ☆389Dec 12, 2023Updated 2 years ago
• fin3ss3g0d / IoDllProxyLoad

  View on GitHub
  DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly
  ☆65Mar 19, 2024Updated 2 years ago
• itaymigdal / HubbleHub

  View on GitHub
  Explore and filter your GitHub starred repositories
  ☆25Dec 5, 2023Updated 2 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• CognisysGroup / HadesLdr

  View on GitHub
  Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
  ☆293Jul 15, 2023Updated 2 years ago
• S3cur3Th1sSh1t / Ruy-Lopez

  View on GitHub
  ☆319Jun 28, 2023Updated 2 years ago
• Mr-Un1k0d3r / Cookie-and-Handle-Stealer

  View on GitHub
  C or BOF file to extract WebKit master key to decrypt user cookie
  ☆207Apr 29, 2024Updated last year
• eversinc33 / BouncyGate

  View on GitHub
  Indirect Syscalls: HellsGate in Nim, but making sure that all syscalls go through NTDLL (as in RecycledGate).
  ☆185Feb 12, 2023Updated 3 years ago
• mansk1es / GhostFart

  View on GitHub
  ☆143Jun 21, 2023Updated 2 years ago
• YOLOP0wn / POSTDump

  View on GitHub
  ☆342Nov 10, 2025Updated 4 months ago
• OffenseTeacher / NimRekey

  View on GitHub
  ☆39May 20, 2023Updated 2 years ago
• nbaertsch / nimvoke

  View on GitHub
  Indirect syscalls + DInvoke made simple.
  ☆95Dec 24, 2024Updated last year
• WKL-Sec / dcomhijack

  View on GitHub
  Lateral Movement Using DCOM and DLL Hijacking
  ☆325Jun 18, 2023Updated 2 years ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• trustedsec / CS_COFFLoader

  View on GitHub
  ☆135Dec 4, 2023Updated 2 years ago
• VoldeSec / PatchlessCLRLoader

  View on GitHub
  .NET assembly loader with patchless AMSI and ETW bypass
  ☆374Apr 19, 2023Updated 2 years ago
• OffenseTeacher / Steganim

  View on GitHub
  ☆46Jun 21, 2023Updated 2 years ago
• SaadAhla / D1rkInject

  View on GitHub
  Another approach of Threadless injection discovered by @_EthicalChaos_ in c that loads a module into the target process and stomps it, an…
  ☆185Aug 2, 2023Updated 2 years ago
• deepinstinct / Dirty-Vanity

  View on GitHub
  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
  ☆674Dec 23, 2022Updated 3 years ago
• EspressoCake / BetterPipename

  View on GitHub
  Example of using Sleep to create better named pipes.
  ☆41Jul 25, 2023Updated 2 years ago
• EspressoCake / BOF_Development_Docker

  View on GitHub
  A VSCode devcontainer for development of COFF files with batteries included.
  ☆50Jul 10, 2023Updated 2 years ago
• S3cur3Th1sSh1t / NimGetSyscallStub

  View on GitHub
  Get fresh Syscalls from a fresh ntdll.dll copy
  ☆234Jan 28, 2022Updated 4 years ago
• zimawhit3 / Bitmancer

  View on GitHub
  Nim Library for Offensive Security Development
  ☆199Sep 4, 2023Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• OtterHacker / SetProcessInjection

  View on GitHub
  ☆153Oct 2, 2023Updated 2 years ago
• kleiton0x00 / Proxy-DLL-Loads

  View on GitHub
  A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
  ☆413Jan 11, 2026Updated 2 months ago
• frkngksl / NimicStack

  View on GitHub
  NimicStack is the pure Nim implementation of Call Stack Spoofing technique to mimic legitimate programs
  ☆94Aug 1, 2022Updated 3 years ago
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆108Aug 21, 2024Updated last year
• thefLink / Hunt-Weird-Syscalls

  View on GitHub
  ETW based POC to identify direct and indirect syscalls
  ☆189Apr 19, 2023Updated 2 years ago
• Mr-Un1k0d3r / Elevate-System-Trusted-BOF

  View on GitHub
  ☆176Mar 27, 2023Updated 3 years ago
• outflanknl / unmanaged-dotnet-patch

  View on GitHub
  Modify managed functions from unmanaged code
  ☆53Feb 1, 2024Updated 2 years ago
• Haunted-Banshee / ErebusGate

  View on GitHub
  ErebusGate for Nim Bypass AV/EDR
  ☆160Nov 7, 2022Updated 3 years ago
• mandiant / msi-search

  View on GitHub
  ☆290Jul 20, 2023Updated 2 years ago
• Managed Database hosting by DigitalOcean • Ad
  PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
• S3cur3Th1sSh1t / Caro-Kann

  View on GitHub
  Encrypted shellcode Injection to avoid Kernel triggered memory scans
  ☆408Sep 12, 2023Updated 2 years ago
• Teach2Breach / pool_party_rs

  View on GitHub
  remote process injections using pool party techniques
  ☆70Jun 29, 2025Updated 9 months ago
• x0reaxeax / PageSplit

  View on GitHub
  Splitting and executing shellcode across multiple pages
  ☆103Jun 8, 2023Updated 2 years ago
• reveng007 / DarkWidow

  View on GitHub
  Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …
  ☆787Jan 26, 2026Updated 2 months ago
• nettitude / ETWHash

  View on GitHub
  C# POC to extract NetNTLMv1/v2 hashes from ETW provider
  ☆258May 10, 2023Updated 2 years ago
• GetRektBoy724 / SyscallShuffler

  View on GitHub
  Your NTDLL vaccine from modern direct syscall methods.
  ☆36Apr 5, 2022Updated 3 years ago
• fin3ss3g0d / NativeThreadpool

  View on GitHub
  Work, timer, and wait callback example using solely Native Windows APIs.
  ☆88Feb 11, 2024Updated 2 years ago