Introducing SysWhispers, a tool that helps with AV/EDR evasion by using direct system calls to bypass user-mode API hooks. It works by generating header/ASM pairs supporting all core syscalls from Windows XP to 10. Check it out here with examples: github.com/jthuraisamy/SysWh…
This builds off of works from @Cneelis, @j00ru, @FoxHex0ne, and others. Greetz to @Dcept905 for testing and suggestions!
Before-and-After example of classic CreateRemoteThread injection.

6:26 AM · Dec 11, 2019
