DanielAvinoam / TheSubZeroProject
A multi-staged malware that contains a kernel mode rootkit and a remote system shell.
☆69Updated 3 years ago
Related projects ⓘ
Alternatives and complementary repositories for TheSubZeroProject
- An initial proof of concept of a bootkit based on Cr4sh's DMABackdoorBoot☆59Updated last year
- Next gen process injection technique☆42Updated 4 years ago
- A novel technique to communicate between threads using the standard ETHREAD structure☆110Updated 3 years ago
- ☆98Updated 2 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆78Updated last year
- 2022 Updated Kernelmode-Code☆30Updated 7 months ago
- Recreating and reviewing the Windows persistence methods☆39Updated 3 years ago
- Detours implementation (x64/x86) which used only ntdll import☆88Updated 5 months ago
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆105Updated 2 years ago
- Minifilter Callback Patching Proof-of-Concept☆62Updated 2 years ago
- NT AUTHORITY\SYSTEM☆38Updated 4 years ago
- APC DLL Injector with NtQueueApcThread and wake up thread support☆44Updated 7 years ago
- Files for http://blog.deniable.org/posts/windows-callbacks/☆67Updated 2 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆92Updated 5 years ago
- A attempt at replicating BLACKLOTUS capabilities, whilst not acting as a direct mimic.☆85Updated last year
- Inject shellcode to process using Windows NTAPI for bypassing EDRs and Antiviruses☆40Updated 3 years ago
- Dll injection through code page id modification in registry. Based on jonas lykk research☆117Updated last year
- A Bumblebee-inspired Crypter☆80Updated last year
- XssBot-Модульный резидентный бот с супер админкой☆12Updated last year
- GetModuleHandle (via PEB) and GetProcAddress (via EAT) like☆32Updated 2 years ago
- Hook all callbacks which are registered with LdrRegisterDllNotification☆83Updated last year
- kernel to user mode APC injector☆43Updated 2 years ago
- Collection of source code for Polymorphic, Metamorphic, and Permutation Engines used in Malware☆25Updated 5 years ago
- Compact MBR Bootkit for Windows☆44Updated 2 years ago
- Process Hollowing demonstration & explanation☆32Updated 3 years ago
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆49Updated last year
- ☆76Updated 2 months ago
- arbitrary kernel read/write in dbutil_2_3.sys, Proof of Concept Local Privilege Escalation to nt authority/system☆53Updated 3 years ago
- Bypass UAC by abusing the Internet Explorer Add-on installer☆50Updated 3 years ago
- Enabled / Disable LSA Protection via BYOVD☆62Updated 2 years ago