
SysWhispers3 - AV/EDR evasion via direct system calls.

Status
Not open for further replies.

itsMe



SysWhispers helps with evasion by generating header/ASM files implants can use to make direct system calls.

Why on earth didn't I create a PR to SysWhispers2?

The reasons for SysWhispers3 being a standalone version are many, but the most important are:

  • SysWhispers3 is the de-facto "fork" used by Inceptor, and implements some utils classes which are not relevant to the original version of the tool.
  • SysWhispers2 is moving towards supporting NASM compilation (for gcc/mingw), while this version is specifically designed and tested to support MSVC (because Inceptor will stay a Windows-only framework for the near future).
  • SysWhispers3 contains partially implemented features (such as egg-hunting) which would not be sensible to include in the original version of the tool.
