Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls.
Windows syscalls with a single line and a high level of abstraction. Has modern C++20 wrappers and utilities, range-based DLL and export enumeration, and a wrapper around KUSER_SHARED_DATA. Supported compil...
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks
This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service p...
BypassETWDirectSyscallShellcodeLoader is a robust C++14 application designed for secure and stealthy shellcode execution. It incorporates advanced anti-debugging and anti-sandboxing techniques to evad...