Skip to content

Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).

Notifications You must be signed in to change notification settings

VirtualAlllocEx/Direct-Syscalls-A-journey-from-high-to-low

Repository files navigation

Direct-Syscalls-A-journey-from-high-to-low

Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).

The technique of direct system calls is no longer a new attack technique for Red Teamers today (April 2023). I myself have covered this topic several times (DeepSec Vienna 2020) and there are already a large number of well-written articles and useful code repositories on the Internet. Nevertheless, I would like to revisit the topic and look at various aspects related to direct system calls.

More details in my related blog post https://redops.at/en/blog/direct-syscalls-a-journey-from-high-to-low

Disclaimer

The content and all code examples in this article are for research purposes only and must not be used in an unethical context! The code used is not new and I make no claim to it. Most of the code comes, as so often, from ired.team, thank you @spotheplanet for your brilliant work and sharing it with us all! For the syscall POCs, Syswhispers2 was used, also thanks to @Jackson_T for providing this very helpful code.

References

About

Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published