6 results found Sort:

VirtualAlllocEx
DEFCON-31-Syscalls-Workshop VirtualAlllocEx
95
645
unknown
11
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
syscalls workshop shellcode edr-bypass edr-evasion direct-syscalls antivirus-bypass malware-analysis shellcode-loader antivirus-evasion indirect-syscalls windows-internals malware-development malware-development-guide
Created 2023-04-30
1,148 commits to main branch, last one 11 months ago
VirtualAlllocEx
Direct-Syscalls-vs-Indirect-Syscalls VirtualAlllocEx
22
169
unknown
5
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
av-bypass av-evasion edr-bypass edr-evasion windows-int direct-syscalls shellcode-loader indirect-syscalls
Created 2023-05-23
10 commits to main branch, last one 11 months ago
annihilatorq
shadow_syscall annihilatorq
18
164
apache-2.0
5
windows syscalls with a single line and a high level of abstraction. has modern cpp20 wrappers and utilities, range-based DLL and export enumeration, wrapper around KUSER_SHARED_DATA. supported compil...
cpp masm export hashing syscall analysis syscalls shellcode header-only obfuscation win-internals getprocaddress direct-syscalls getmodulehandle shadow-syscalls reverse-engineering
Created 2023-08-23
40 commits to shellcode branch, last one 21 days ago
VirtualAlllocEx
Direct-Syscalls-A-journey-from-high-to-low VirtualAlllocEx
22
133
unknown
4
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
av-bypass av-evasion edr-bypass edr-evasion direct-syscalls
Created 2023-04-14
17 commits to main branch, last one about a year ago
voidvxvt
HellBunny voidvxvt
12
64
unknown
3
Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks
dll msvc ntapi maldev windows edr-bypass native-api api-hashing edr-evasion iat-camouflage direct-syscalls dll-sideloading shellcode-loader indirect-syscalls process-injection payload-encryption malware-development shellcode-injection
Created 2024-12-15
1 commits to main branch, last one 13 days ago
VirtualAlllocEx
DSC_SVC_REMOTE VirtualAlllocEx
11
51
unknown
3
This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service p...
av-bypass av-evasion edr-bypass edr-evasion direct-syscalls
Created 2023-05-08
12 commits to main branch, last one about a year ago