CyberSecurityUP

AV/EDR evasion via direct and indirect system calls Windows NT 3.1 through Windows 11 24H2 · x64 · x86 · WoW64 · ARM64

86 stars · 11 · 69% credibility
Found Feb 26, 2026 at 43 stars
AI Analysis · Python

AI Summary

SysWhispers4 generates custom C and assembly code that lets Windows programs issue direct and indirect system calls, bypassing the user-mode AV/EDR hooks placed in ntdll.dll, for authorized security testing and research.

How It Works

1. 🔍 Discover SysWhispers4

Security testers use it to check how well AV/EDR products catch programs that skip the hooked Nt*/Zw* exports in ntdll.dll and issue system calls themselves.

2. 📥 Bring it home

Clone or download the repository to a folder on your machine.

3. ⚙️ Refresh the list

Optionally refresh the bundled syscall-number tables (pulled from j00ru's syscall tables) so the newest Windows builds, including 11 24H2, resolve to the right numbers.

4. Create your stealth code

Pick a preset such as 'common', 'injection', or 'all', and the tool emits a header, a C file, and an assembly stub file. Each stub loads the system service number and executes the syscall itself (direct), or jumps to a `syscall` instruction inside ntdll.dll so the return address stays in ntdll (indirect).

5. 💻 Add to your project

Add the generated .h, .c, and .asm files to your project and configure the build (MSVC, MinGW, or Clang) to assemble the stub file alongside your C code.

6. 🚀 Test it out

Run your program: its NT calls no longer pass through the hooked ntdll.dll exports, so user-mode hooks never see them.

Evasion success

The user-mode hooks are bypassed. Keep in mind this defeats only hooking in user mode; kernel callbacks, ETW Threat Intelligence, and call-stack inspection can still observe the activity, so check the result against the specific EDR under test rather than treating silence as success.

AI-Generated Review

What is SysWhispers4?

SysWhispers4 is a Python tool that generates C and assembly stubs for direct and indirect system calls on Windows, covering NT 3.1 through 11 24H2 on x64, x86, WoW64, and ARM64. Instead of calling the Nt*/Zw* exports in ntdll.dll, where AV/EDR products install their user-mode inline hooks, each generated stub loads the system service number (SSN) and executes the `syscall` instruction itself (direct) or jumps to a `syscall` instruction inside ntdll.dll so the return address still points into ntdll (indirect). Output is ready-to-compile headers, C files, and ASM for MSVC, MinGW, or Clang. Run `python syswhispers.py --preset injection` for shellcode scenarios or `--preset all` for full coverage of all 48 supported functions. Note that this sidesteps user-mode hooks only; kernel callbacks, ETW Threat Intelligence, and stack-walking detections are unaffected.

Why is it gaining traction?

It extends the SysWhispers lineage with newer techniques: FreshyCalls-style SSN resolution (sort ntdll's syscall stub exports by address and use the index as the number, so hooked stubs don't matter), randomized indirect calls that pick a `syscall` gadget from a pool instead of a fixed address, and egg hunts that keep the `syscall` opcode out of the on-disk binary until run time. ARM64 support and syscall tables auto-updated from j00ru's syscall tables cover the latest 24H2 builds, and the evasion extras include XOR-encrypted SSNs, stack spoofing, and ETW bypasses. Operators pick it up for hook resistance without hand-tweaking stubs.
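The three stub post-processing tricks named above (gadget pool for indirect calls, egg hunt, XOR-masked SSNs), modelled in Python as an added example rather than SysWhispers4's own code. The opcode bytes are standard x64 encodings; the ntdll-like section, load address, XOR key and egg are constructed for the example. The gadget part models selection of a `syscall; ret` address only, not the encoding of the jump to it.

```python
"""Post-processing tricks applied to generated syscall stubs, in Python.

Constructed example:
  1. indirect-syscall gadget pool: find every `syscall ; ret` in an
     ntdll-like text section and pick one at random per call, so the
     `syscall` instruction executes inside ntdll and the return address
     points there;
  2. egg hunt: the stub shipped on disk carries a placeholder egg instead
     of the `syscall` opcode, which is patched in at run time;
  3. XOR-masked SSN: the stub loads `ssn ^ key` and un-masks it in eax, so
     the real number never appears as an immediate in the file.
"""
import random
import struct

SYSCALL_RET = b"\x0f\x05\xc3"              # syscall ; ret
EGG = b"whiswhis"                          # 8-byte placeholder (constructed)
# What the egg becomes at run time: syscall ; nop ; nop ; ret ; int3 x3
EGG_PATCH = b"\x0f\x05\x90\x90\xc3\xcc\xcc\xcc"


def find_syscall_gadgets(text: bytes, base: int = 0) -> list:
    """Addresses of every `syscall ; ret` sequence in the section."""
    found, pos = [], text.find(SYSCALL_RET)
    while pos != -1:
        found.append(base + pos)
        pos = text.find(SYSCALL_RET, pos + 1)
    return found


def pick_gadget(gadgets, rng: random.Random) -> int:
    """Randomise the gadget per call so no single address is a fixed IOC."""
    if not gadgets:
        raise RuntimeError("no syscall;ret gadget in section")
    return rng.choice(gadgets)


def emit_masked_mov_eax(ssn: int, key: int) -> bytes:
    """mov eax, (ssn ^ key) ; xor eax, key  -- eax == ssn afterwards."""
    return (b"\xb8" + struct.pack("<I", ssn ^ key)
            + b"\x35" + struct.pack("<I", key))


def eval_masked_mov_eax(code: bytes) -> int:
    """Decode the two-instruction sequence above and return the eax value."""
    assert code[0] == 0xB8 and code[5] == 0x35, "unexpected encoding"
    masked = struct.unpack_from("<I", code, 1)[0]
    key = struct.unpack_from("<I", code, 6)[0]
    return masked ^ key


def build_direct_stub_on_disk(ssn: int, key: int) -> bytes:
    """mov r10, rcx ; <masked mov eax> ; <egg where syscall ; ret will go>."""
    return b"\x4c\x8b\xd1" + emit_masked_mov_eax(ssn, key) + EGG


def egg_hunt(code: bytes, egg: bytes = EGG, patch: bytes = EGG_PATCH) -> tuple:
    """Replace every egg in a copy of `code`; returns (patched, count)."""
    assert len(egg) == len(patch), "patch must not change code size"
    buf, n, pos = bytearray(code), 0, code.find(egg)
    while pos != -1:
        buf[pos:pos + len(egg)] = patch
        n += 1
        pos = code.find(egg, pos + len(egg))
    return bytes(buf), n


def demo(seed: int = 7) -> dict:
    rng = random.Random(seed)
    base = 0x7FF8_1234_0000                # constructed ntdll load address
    # Constructed ntdll-like bytes with three syscall;ret gadgets at 5, 18, 24.
    text = (b"\x90" * 5 + SYSCALL_RET + b"\xcc" * 10 + SYSCALL_RET
            + b"\x48\x31\xc0" + SYSCALL_RET + b"\xc3")
    gadgets = find_syscall_gadgets(text, base)
    on_disk = build_direct_stub_on_disk(ssn=0x18, key=0x5A3C9E71)
    in_memory, patched = egg_hunt(on_disk)
    return {
        "gadget_offsets": [g - base for g in gadgets],
        "chosen_gadget": pick_gadget(gadgets, rng),
        "syscall_on_disk": b"\x0f\x05" in on_disk,
        "syscall_in_memory": b"\x0f\x05" in in_memory,
        "eggs_patched": patched,
        "plain_ssn_on_disk": struct.pack("<I", 0x18) in on_disk,
        "ssn_at_runtime": eval_masked_mov_eax(on_disk[3:13]),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:20} {v}")
```

The on-disk stub contains neither `0F 05` nor the literal SSN, which is what defeats static signatures on syscall stubs; both appear only after the egg hunt and the XOR run in memory. The gadget pool is rebuilt per process because ntdll's load address changes with ASLR.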

Who should use this?

Red teamers crafting process hollowing or DLL injection payloads that dodge EDR user-mode hooks. Pentesters on Windows engagements needing clean syscalls for memory ops, thread creation, or token manipulation. Defensive researchers reverse-engineering AV/EDR behaviors.

Verdict

Solid pick for Windows syscall evasion in authorized testing: the feature-packed CLI and presets make it simple to integrate. With 43 stars at the time of review (86 now) and a 69% credibility score, it's early-stage but well-documented; update the syscall tables regularly and test the generated stubs against the target OS build and EDR before using them on an engagement.

