Syscalls

A multi-layered evasion framework combining Hell’s Hall indirect syscalls, PEB-based API hashing, IAT camouflage, custom CRT removal, ntdll unhooking via KnownDlls, sandbox detection, self-deletion, and Fiber-based shellcode execution — built to understand and demonstrate how modern offensive tooling evades EDR/AV at every layer.

A shellcode injector that bypasses userland hooks by resolving and calling NT syscalls directly — no Win32 API strings, no GetProcAddress, no GetModuleHandle. Custom PEB walk, export table parsing, and compile-time Djb2 hashing.