SysWhispers

Syswhispers is a tool that evades hooking with direct syscalls. It automatically generates assembly and header files baed on the target Windows version.

In previous pages we used direct syscalls through use of the NTDLL.dll library. (NtOpenProcess, NtCreateThreadEx, etc.). We can however go lower than that and directly call the Syscall stub in assembly.

LogoGitHub - jthuraisamy/SysWhispers: AV/EDR evasion via direct system calls.GitHub
SysWhispers
LogoGitHub - jthuraisamy/SysWhispers2: AV/EDR evasion via direct system calls.GitHub
SysWhispers2
LogoGitHub - klezVirus/SysWhispers3: SysWhispers on Steroids - AV/EDR evasion via direct system calls.GitHub
SysWhispers3

Introducing Syswhispers. There are three of them, and they all come with their unique flavors and functionality.

PreviousDirect SyscallsNextIndirect Syscalls

Last updated