RecycledGate

Bypass EDR using RecycledGate a combination of Hells, Halos and Tartarusgate.

Author: Whitecat18

syscalls/RecycledGate/README.md

@@ -2,6 +2,8 @@
 
 This is just another implementation of Hellsgate + Halosgate/Tartarusgate.
 
+![Recycledgate](https://github.com/user-attachments/assets/f5f1fe9b-825c-4591-a76d-049f8542cdce)
+
 This probably bypasses some EDR trying to detect abnormal systemcalls.
 
 This combines elements of Hells Gate (extracting syscall numbers from NTDLL stubs) and Halos Gate (searching nearby stubs if the target is hooked) to dynamically resolve and invoke NT syscalls.
@@ -16,4 +18,4 @@ I have made some changes to the logic and code that support compatibility.
 * [@Am0nsec](https://twitter.com/am0nsec?lang=en) and @RtlMateusz for the [original Hellsgate implementation](https://github.com/am0nsec/HellsGate)
 * [@0xBoku](https://twitter.com/0xBoku) for inspiration and his [Halosgate implementation](https://github.com/boku7/AsmHalosGate/)
 * [@trickster012](https://twitter.com/trickster012) for the implementation of [Tartarusgate](https://github.com/trickster0/TartarusGate)
-* [@winternl_t](https://twitter.com/winternl_t) for the amazing [blogpost on detection of direct syscalls](https://winternl.com/detecting-manual-syscalls-from-user-mode/)
+* [@winternl_t](https://twitter.com/winternl_t) for the amazing [blogpost on detection of direct syscalls](https://winternl.com/detecting-manual-syscalls-from-user-mode/)