Cr4sh / r0ak
r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems
☆10Updated 6 years ago
Alternatives and similar repositories for r0ak:
Users that are interested in r0ak are comparing it to the libraries listed below
- Windows GPU rootkit PoC by Team Jellyfish☆35Updated 9 years ago
- XOrCryptEx lightweight C Utility/Algorithm☆11Updated 2 years ago
- Another Portable Executable files analysing stuff☆20Updated 13 years ago
- NT AUTHORITY\SYSTEM☆37Updated 4 years ago
- Sysprep Volatile Environment LPE (2017)☆14Updated 2 months ago
- A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR.☆38Updated 4 years ago
- Hooking Heavens Gate in a weekend☆13Updated 3 years ago
- Enter Product Key Volatile Environment LPE☆12Updated 2 months ago
- TaskMgr Volatile Environment LPE☆13Updated 2 months ago
- improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys☆49Updated last year
- call gates as stable comunication channel for NT x86 and Linux x86_64☆31Updated last year
- Create a C++ PE which loads an XTEA-crypted .NET PE shellcode in memory.☆16Updated 6 years ago
- using the Recycle Bin to insure persistence☆12Updated 2 years ago
- really ?☆12Updated 11 months ago
- ☆25Updated 2 years ago
- r0ak ("roak") is the Ring 0 Army Knife -- A Command Line Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems☆27Updated 6 years ago
- Parser for a custom executable format from Hidden Bee malware (first stage)☆39Updated 4 months ago
- Listing UDP connections with remote address without sniffing.☆30Updated last year
- UPDATED 2022 Flame malware sourcecode available !! Forked. I will later provide my sample of Flame, Duqu and Gauss.☆19Updated 10 months ago
- A LKM (Loadable Kernel Module) to execute a command as root; I include a example of using netcat and a compiled(with source and steps on…☆15Updated 3 months ago
- A simple PE loader.☆25Updated 2 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Updated last year
- ☆23Updated 4 years ago
- Injects position-dependent code into a code cave in an executable file, and applies relocations.☆23Updated last year
- Dangling COM Keys Finder☆15Updated 3 years ago
- Process Hollowing demonstration & explanation☆34Updated 3 years ago
- ELF packer/crypter that aims to create hardened and stealthy troyans☆53Updated 3 years ago
- ☆26Updated 3 months ago
- An initial proof of concept of a bootkit based on Cr4sh's DMABackdoorBoot☆61Updated last year
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing…☆16Updated 3 weeks ago