A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.
☆116Feb 1, 2022Updated 4 years ago
Alternatives and similar repositories for manual-syscall-detect
Users that are interested in manual-syscall-detect are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ETW based POC to identify direct and indirect syscalls☆189Apr 19, 2023Updated 2 years ago
- A way to detect DBI frameworks, Debuggers and VMs.☆24Nov 17, 2020Updated 5 years ago
- Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll☆503Feb 3, 2022Updated 4 years ago
- PoC capable of detecting manual syscalls from usermode.☆207Nov 13, 2025Updated 5 months ago
- Security product hook detection☆328Mar 30, 2021Updated 5 years ago
- AI Agents on DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Single header library to simplify the usage of direct syscalls. x64/x86☆15Feb 26, 2023Updated 3 years ago
- Code Injection, Inject malicious payload via pagetables pml4.☆243Jul 7, 2021Updated 4 years ago
- RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …☆499Jan 25, 2022Updated 4 years ago
- A simple program to hook the current process to identify the manual syscall executions on windows☆267Nov 18, 2022Updated 3 years ago
- ☆70Feb 6, 2025Updated last year
- FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++17!☆361Sep 1, 2022Updated 3 years ago
- Analyze patches in a process☆260Jul 28, 2021Updated 4 years ago
- A copy of my Mathematics and Computer Engineering B.Sc. thesis☆20Dec 8, 2020Updated 5 years ago
- devirtualization vmprotect☆66Mar 11, 2023Updated 3 years ago
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- ☆26Dec 29, 2021Updated 4 years ago
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration☆392Jul 6, 2022Updated 3 years ago
- Inline syscalls made easy for windows on clang☆737Jun 21, 2024Updated last year
- Lightweight WINAPI tracing with Pin☆27Aug 22, 2019Updated 6 years ago
- DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userla…☆123Mar 25, 2022Updated 4 years ago
- Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique☆337Jan 16, 2022Updated 4 years ago
- ☆42Apr 22, 2021Updated 4 years ago
- SyscallLoader☆11Sep 13, 2021Updated 4 years ago
- Universal x86/x64 VMProtect 2.0-3.X Import fixer☆24Dec 29, 2021Updated 4 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- A kernel mode Windows rootkit in development.☆49Dec 31, 2021Updated 4 years ago
- Recon 2015 Presentation from Alex Ionescu☆251Jan 27, 2016Updated 10 years ago
- Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries.☆38May 12, 2022Updated 3 years ago
- Load and execute COFF files and Cobalt Strike BOFs in-memory☆225Sep 13, 2022Updated 3 years ago
- Hookers are cooler than patches.☆170Jan 21, 2022Updated 4 years ago
- WTSRM☆215Aug 7, 2022Updated 3 years ago
- API monitoring via return-hijacking thunks; works without information about target function prototypes.☆117May 26, 2020Updated 5 years ago
- x64 Kernel Hooks Detection☆24Jan 1, 2017Updated 9 years ago
- The Definitive Guide To Process Cloning on Windows☆543Jan 3, 2024Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Load any Beacon Object File using Powershell!☆262Dec 9, 2021Updated 4 years ago
- LoadLibrary for offensive operations☆1,177Oct 22, 2021Updated 4 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆378May 24, 2022Updated 3 years ago
- Monitor ETW events for Windows process mitigation policies, with stack traces☆31Oct 7, 2022Updated 3 years ago
- A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.☆159Nov 14, 2021Updated 4 years ago
- Detect strange memory regions and DLLs☆191Jan 20, 2022Updated 4 years ago
- An example code of CiGetCertPublisherName☆16Mar 24, 2022Updated 4 years ago