A simple proof-of-concept Windows syscall logger using the NT instrumentation callback mechanism.
☆35Mar 6, 2026Updated 4 months ago
Alternatives and similar repositories for InstrumentationCallbackSyscallLogger
Users that are interested in InstrumentationCallbackSyscallLogger are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- AD ACL Abuser for Havoc C2☆25Mar 30, 2026Updated 3 months ago
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in …☆59Dec 30, 2025Updated 6 months ago
- Stack spoofing Detection for CET processes by comparing shadow and user stacks.☆36May 22, 2026Updated last month
- Orchestrate detonating redteam artifacts in VMs with different EDRs to see their detection surface.☆63Jun 24, 2026Updated 3 weeks ago
- BOF for Havoc that copies locked Windows files (SAM, SYSTEM, NTDS.dit) via raw MFT parsing — no VSS, no Registry APIs, no PowerShell☆134Apr 6, 2026Updated 3 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- A rust proof of concept to demonstrate registry overwriting via RegRestoreKey using the Offline Registry Library☆24Nov 13, 2025Updated 8 months ago
- Hijacking the Windows network stack from the kernel :)☆46May 5, 2026Updated 2 months ago
- Beacon Object File to Enable Chrome DevTools Protocol (CDP)☆116Jul 1, 2026Updated 2 weeks ago
- usermode thread hijacking detection via working set page fault monitoring☆31Apr 20, 2026Updated 2 months ago
- BOF to impersonate TrustedInstaller via DISM API trigger and thread impersonation☆132Mar 27, 2026Updated 3 months ago
- Abusing DDMA alongside Copy On Write for Cross Process Code Execution for a 3000$ Bug Bounty☆99Feb 1, 2026Updated 5 months ago
- Injecting code by recompiling shellcode into a ROP chain.☆146Apr 21, 2026Updated 2 months ago
- ☆26Apr 5, 2026Updated 3 months ago
- Proof of concepts demonstrating some aspects of the Windows kernel shadow stack mitigation.☆74Jun 2, 2025Updated last year
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- A Cobalt Strike BOF implementation of the SilentHarvest registry dumping technique☆182Apr 14, 2026Updated 3 months ago
- ☆35Apr 17, 2026Updated 2 months ago
- Finding Truth in the Shadows☆127Jan 26, 2023Updated 3 years ago
- A Beacon Object File (BOF) for Havoc/CS to Bypass PPL and Dump Lsass☆180Sep 22, 2025Updated 9 months ago
- Rusty Hell's Gate / Halo's Gate / Tartarus' Gate / FreshyCalls / Syswhispers2 Library☆32Sep 23, 2022Updated 3 years ago
- A BOF designed to inspect processes memory and addresses☆40Apr 19, 2026Updated 2 months ago
- ☆16May 7, 2025Updated last year
- A Cobalt Strike Beacon Object File that exploits the BlueHammer vulnerability that to obtain a copy of the SAM database.☆166Apr 15, 2026Updated 3 months ago
- psexec-like remote execution using the paexec wire protocol that supports paexec and remoteexecm2 from manageengine adselfservice plus☆43Mar 24, 2026Updated 3 months ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Async BOF to automatically extract or renew Kerberos TGTs on a target system.☆134Updated this week
- ☆26Apr 17, 2026Updated 2 months ago
- A simple POC to show how to chain multiple callbacks via tail calls to artificially construct a call stack☆109May 25, 2026Updated last month
- chernobog is a Hex-Rays decompiler plugin that defeats Hikari LLVM obfuscation.☆200May 6, 2026Updated 2 months ago
- ☆52May 4, 2025Updated last year
- DLL manual mapping through hooking IAT functions.☆10Nov 2, 2024Updated last year
- Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.☆118Jan 26, 2026Updated 5 months ago
- .data ptr swapper for newer win32k versions. (Supports Windows 11)☆37Jan 19, 2026Updated 5 months ago
- "Bypassing" HVCI via donor PFN swaps to modify read-only code pages. Call chained kernel functions (kCET and SLAT support), and more.☆129Mar 16, 2026Updated 4 months ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Leveraging TPM2 TCG Logs (Measured Boot) to Detect UEFI Drivers and Pre-Boot Applications☆20Mar 28, 2025Updated last year
- Dll injection through code page id modification in registry. Based on jonas lykk research☆16Jun 18, 2022Updated 4 years ago
- BOF POC of the DSCourier project / invoking WinGet via COM☆90Apr 23, 2026Updated 2 months ago
- KVC enables unsigned driver loading via DSE bypass (g_CiOptions patch, skci.dll hijack, SeCiCallbacks redirection) and PP/PPL manipulatio…☆295May 28, 2026Updated last month
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆81Apr 13, 2025Updated last year
- ☆27Dec 29, 2021Updated 4 years ago
- Linux Process Injection via Seccomp Notifier☆95Dec 9, 2025Updated 7 months ago