Hellshazzard
Indirect Syscall implementation to bypass userland NTAPIs hooking.
HellsHazzard
A small POC to bypass NT API hooking using the @maldevacademy indirect syscall technique.
The tool consists of the following features -
- HellsHall implementation of indirect syscall bypass by @maldevacademy
- Mechanism to detect the presence of the InetSim sandbox; if it is detected, execution of the malware halts.
- API hashing.
- IPv6 shellcode obfuscation.
- IAT Obfuscation to evade static analysis.
- Debugger check
Here are the screenshots and a demo of the tool.
InetSim Detection
Before execution, the malware checks for InetSim, an internet-simulation sandbox that fakes network services so that malware keeps executing and attempts its C2 connection; if InetSim is present, execution halts.
IAT Obfuscation
IAT Obfuscation hides the presence of sensitive APIs in the import address table (IAT) to evade basic static analysis.
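From the analyst's side, the two static evasions listed above (an import table stripped down to API resolvers, and a payload stored as IPv6 address strings) leave footprints that are cheap to check. The following is an added example, not code from HellsHazzard: it takes an import list in a "dll!function" form (assumed to come from a tool such as pefile) and a list of extracted strings, flags a resolver-dominated IAT, and reassembles runs of full-form IPv6 literals back into bytes so the payload can be examined. All inputs are constructed fixtures.

```python
"""Static triage helpers: resolver-dominated import tables (IAT obfuscation /
API hashing) and payloads rendered as IPv6 address strings.
Added example; not part of the HellsHazzard project."""
import ipaddress
import re

# APIs used to resolve other APIs at run time. An import table that contains
# little besides these is the classic footprint of IAT obfuscation.
RESOLVER_APIS = {
    "GetProcAddress", "LoadLibraryA", "LoadLibraryW", "LoadLibraryExA",
    "LoadLibraryExW", "GetModuleHandleA", "GetModuleHandleW",
    "LdrGetProcedureAddress", "LdrLoadDll",
}


def import_profile(imports, min_expected=8):
    """Flag a binary whose imports are dominated by resolver APIs.

    `imports` is an iterable of "dll!function" strings (assumed input
    format; the fixtures below are constructed, not taken from a sample).
    """
    names = {entry.rsplit("!", 1)[-1] for entry in imports}
    resolvers = sorted(names & RESOLVER_APIS)
    others = names - RESOLVER_APIS
    # A legitimate program that resolves a few optional APIs still imports
    # plenty of others; a resolver-only table with almost nothing else does not.
    suspicious = bool(resolvers) and len(others) < min_expected
    return {"suspicious": suspicious, "imported": len(names),
            "resolvers": resolvers, "other_count": len(others)}


# Full-form IPv6 literal: eight colon-separated hex groups, the shape produced
# when raw bytes are rendered 16 at a time as addresses. Compressed forms
# such as "::1" are deliberately not matched.
FULL_IPV6 = re.compile(r"^[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4}){7}$")


def recover_ipv6_payload(strings, min_run=4):
    """Return byte blobs reassembled from runs of >= min_run consecutive
    IPv6 literals in an extracted string list. A single legitimate address
    (for example a server IP) does not form a run and is ignored."""
    blobs, run = [], []
    for s in strings:
        s = s.strip()
        if FULL_IPV6.match(s):
            run.append(ipaddress.IPv6Address(s).packed)  # 16 raw bytes
            continue
        if len(run) >= min_run:
            blobs.append(b"".join(run))
        run = []
    if len(run) >= min_run:
        blobs.append(b"".join(run))
    return blobs


# --- constructed fixtures (not from any real binary) ---
NORMAL_IMPORTS = [
    "kernel32.dll!CreateFileW", "kernel32.dll!ReadFile",
    "kernel32.dll!CloseHandle", "kernel32.dll!GetLastError",
    "user32.dll!MessageBoxW", "msvcrt.dll!printf",
    "msvcrt.dll!malloc", "msvcrt.dll!free",
]
SPARSE_IMPORTS = [
    "kernel32.dll!GetProcAddress", "kernel32.dll!LoadLibraryA",
    "kernel32.dll!GetModuleHandleA",
]
# 64 bytes of plain ASCII, rendered below as four IPv6 literals.
SAMPLE_PAYLOAD = b"CONSTRUCTED SAMPLE PAYLOAD, NOT SHELLCODE - 0123456789ABCDEFGHIJ"
SAMPLE_STRINGS = [
    "!This program cannot be run in DOS mode.",
    "2001:0db8:0000:0000:0000:0000:0000:0001",   # lone address, ignored
    "kernel32.dll",
    "434f:4e53:5452:5543:5445:4420:5341:4d50",
    "4c45:2050:4159:4c4f:4144:2c20:4e4f:5420",
    "5348:454c:4c43:4f44:4520:2d20:3031:3233",
    "3435:3637:3839:4142:4344:4546:4748:494a",
    ".text",
]

if __name__ == "__main__":
    for label, imps in (("normal", NORMAL_IMPORTS), ("sparse", SPARSE_IMPORTS)):
        print(label, import_profile(imps))
    for blob in recover_ipv6_payload(SAMPLE_STRINGS):
        print("recovered", len(blob), "bytes:", blob[:32])
```

The `min_run` threshold is what separates an embedded payload from an ordinary configuration string: a lone IPv6 address is normal, a sequence of dozens of full-form literals with no surrounding text is not. Recovered blobs can be fed to whatever analysis follows (disassembly, hashing, YARA).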
NT API Evasion
HellsHall indirect system calls, a modified version of the Tartarus' Gate logic, are used to evade NT API hooking by the @BestEdrOfTheMarket EDR.
https://github.com/user-attachments/assets/114bec4f-1770-42b0-a05b-34a03dcd78cb
Note - This tool has not been tested against commercial EDRs; AV evasion and kernel-based detection are out of scope as well. New features and techniques will be implemented in other tools in the near future.