0xd3xt3r / awesome-windows-rootkits
Collection of windows rootkits
☆26, updated 4 years ago
Alternatives and similar repositories for awesome-windows-rootkits:
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell. (☆72, updated 3 years ago)
- Exploits pack for the Windows kernel mode driver HackSysExtremeVulnerableDriver, written for educational purposes. (☆65, updated 3 years ago)
- NT AUTHORITY\SYSTEM (☆39, updated 4 years ago)
- Parser for a custom executable format from Hidden Bee malware (first stage). (☆41, updated 6 months ago)
- Gozi ISFB is a well-known and widely distributed banking trojan that has been in the threat landscape for the past several years. (☆64, updated 7 years ago)
- PoC designed to evade userland-hooking anti-virus. (☆88, updated 5 years ago)
- Master list of all my vulnerability discoveries, mostly in 3rd-party kernel drivers. (☆48, updated 4 years ago)
- An attempt to restore the original 'Rootkit Arsenal' code samples and adapt them to modern Windows 10 versions. (☆69, updated 2 years ago)
- 2022 updated kernel-mode code. (☆31, updated last year)
- Fileless persistence, attacks and anti-forensic capabilities. (☆90, updated 6 years ago)
- (☆21, updated 4 years ago)
- Gozi-MBR-rootkit bootkit, modified. (☆67, updated 8 years ago)
- Bypass UAC by abusing the Security Center CPL and hijacking a shell protocol handler. (☆28, updated 3 years ago)
- APT, cyber warfare, penetration testing, zero-day, exploiting, fuzzing, privilege escalation, browser security, spyware, malware evasion… (☆34, updated 6 years ago)
- Analyze and attack Windows applications using DLL hijacking vulnerabilities. (☆56, updated 5 years ago)
- Kernel-mode rootkit that connects to a remote server to send and receive commands. (☆31, updated 6 years ago)
- An example of how x64 kernel shellcode can dynamically find and use APIs. (☆104, updated 4 years ago)
- (☆22, updated 4 years ago)
- An experimental dynamic malware unpacker based on Intel Pin and PE-sieve. (☆59, updated 7 months ago)
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library libpeconv. (☆19, updated 6 years ago)
- Process injection without reading/writing target memory and without creating a remote thread. (☆18, updated 3 years ago)
- Variety of different process injections implemented in C++. (☆23, updated 3 years ago)
- "An Introduction to Windows Exploit Development" is an open-sourced, free Windows exploit development course I created for the Southeast … (☆39, updated 4 years ago)
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t… (☆53, updated 5 years ago)
- PoC for hiding PE exports. (☆66, updated 4 years ago)
- Malware analysis, anti-analysis, and anti-anti-analysis. (☆45, updated 7 years ago)
- CVE-2021-29337 - Privilege escalation in MODAPI.sys (MSI Dragon Center). (☆30, updated 3 years ago)
- Recreating and reviewing the Windows persistence methods. (☆37, updated 3 years ago)
- Simple project using syscalls (via SysWhispers2) to execute MessageBox shellcode. (☆74, updated 3 years ago)
- (☆31, updated 4 years ago)