C++ self-Injecting dropper based on various EDR evasion techniques.
-
Updated
Feb 11, 2024 - C
C++ self-Injecting dropper based on various EDR evasion techniques.
Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls
A Rust port of LayeredSyscall — performs indirect syscalls while generating legitimate API call stack frames by abusing VEH.
ApexLdr is a DLL Payload Loader written in C
Clean Indirect Syscalls with Hook Evasion & Return Address Spoofing.
Usermode detector that catches indirect syscalls. Traps Hell's Hall, Tartarus' Gate, RecycledGate, and VEH syscalls & Many more.
SysWhispers & HellsGate successor, executing protected Indirect & Direct syscalls in EDR protected settings
Stealth Windows keylogger.
Indirect Syscall invocation via thread hijacking
NTAPI hook bypass with (semi) legit stack trace
Shellcode Loader Library.
Transparently call NTAPI via Halo's Gate with indirect syscalls.
A generic x64 indirect syscall template for RED TEAM OPSEC
A shellcode loader powered by a web panel.
Header-only Windows x64 indirect syscall library. Zero CRT, zero IAT, VEH anti-BP, AMSI/ETW bypass, W^X memory, per-call dynamic stubs.
Implementation and documentation of establishing a reverse shell using only indirect syscalls
This is stands as a research blog and exercise in payload development. The exact technique talked through is via Remote Thread.
Invoke Shellcode through Indirect Syscalls inside PowerShell
Add a description, image, and links to the indirect-syscall topic page so that developers can more easily learn about it.
To associate your repository with the indirect-syscall topic, visit your repo's landing page and select "manage topics."