A multi-staged malware that contains a kernel mode rootkit and a remote system shell.
☆75 · May 20, 2021 · Updated 4 years ago
Alternatives and similar repositories for TheSubZeroProject
Users that are interested in TheSubZeroProject are comparing it to the libraries listed below.
- My experience using Windows API for offensive purposes · ☆17 · Jul 10, 2021 · Updated 4 years ago
- ☆15 · Dec 16, 2020 · Updated 5 years ago
- A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR. · ☆41 · Dec 31, 2020 · Updated 5 years ago
- A Control Panel Applet dropper project. It has a high success rate on engagements since nobody cares about .CPL files and you can just do… · ☆53 · May 31, 2018 · Updated 7 years ago
- Thawne is a Sentinel for your Program. A trojan that Reinfects systems. It installs itself on the system it's Executed on. After which Th… · ☆10 · Oct 13, 2020 · Updated 5 years ago
- Collection of shellcode injection and execution techniques · ☆18 · Updated this week
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles. · ☆66 · May 2, 2023 · Updated 2 years ago
- ☆23 · May 28, 2021 · Updated 4 years ago
- My (OLD) RE Take On The Faux Green Petya Ransomware Builder & Client. · ☆20 · Jul 8, 2021 · Updated 4 years ago
- Injection of MSIL using Cecil · ☆12 · Jul 28, 2015 · Updated 10 years ago
- Kernel-Mode driver and User-Mode application communication project · ☆12 · Jun 24, 2018 · Updated 7 years ago
- Self delete DLL (2) · ☆14 · Feb 15, 2024 · Updated 2 years ago
- ☆84 · Aug 26, 2024 · Updated last year
- Reversed source code to the Babuk ransomware builder. · ☆17 · Jul 1, 2021 · Updated 4 years ago
- A spiritual .NET equivalent to the Gargoyle memory scanning evasion technique · ☆52 · Dec 6, 2018 · Updated 7 years ago
- ☆13 · Jan 28, 2017 · Updated 9 years ago
- Enumerate Callbacks and all Object Types · ☆16 · Jan 9, 2023 · Updated 3 years ago
- A kernel mode Windows rootkit in development. · ☆49 · Dec 31, 2021 · Updated 4 years ago
- Tartocitron is a repo to have fun with malwares and the Rust language. This repo provides working examples of dropper written in Rust. · ☆11 · May 31, 2022 · Updated 3 years ago
- Driver reverse engineering of the Russian Sandworm hacking group's BlackEnergy malware. · ☆19 · Apr 27, 2021 · Updated 4 years ago
- Remote Administration Tool, Server Written in C# and Client Written in C++ · ☆15 · Dec 8, 2022 · Updated 3 years ago
- Create a Run registry key with direct system calls. Inspired by @Cneelis's Dumpert and SharpHide. · ☆79 · Feb 27, 2020 · Updated 6 years ago
- Create a C++ PE which loads an XTEA-crypted .NET PE shellcode in memory. · ☆17 · Sep 29, 2018 · Updated 7 years ago
- JALSI - Just Another Lame Shellcode Injector · ☆30 · Aug 1, 2021 · Updated 4 years ago
- A small PoC using DInvoke, dynamically mapping a DLL and executing Win32 APIs for process injection. · ☆10 · Dec 16, 2021 · Updated 4 years ago
- Win32 PE Anti-RE and Anti-debugging Framework · ☆13 · May 14, 2019 · Updated 6 years ago
- Conti Ransomware Source Code · ☆19 · Mar 1, 2022 · Updated 4 years ago
- DarkRats Standalone HVNC · ☆25 · May 20, 2022 · Updated 3 years ago
- D · ☆44 · May 3, 2021 · Updated 4 years ago
- Use NtSetInformationThread(ThreadBreakOnTermination) for anti-debugging · ☆15 · Sep 21, 2019 · Updated 6 years ago
- .lib file for linking against the NT CRT · ☆19 · Mar 18, 2022 · Updated 4 years ago
- Remote PE reflective injection with a simple reflective loader · ☆32 · Jun 28, 2019 · Updated 6 years ago
- Loading and executing shellcode in C# without PInvoke. · ☆22 · Jan 10, 2022 · Updated 4 years ago
- RunPE using Hell's Gate technique. · ☆32 · Dec 4, 2020 · Updated 5 years ago
- PoC designed to evade userland-hooking anti-virus. · ☆90 · May 15, 2019 · Updated 6 years ago
- Exploring in-memory execution of .NET · ☆137 · Apr 20, 2022 · Updated 3 years ago
- A proof of concept of real custom GetProcAddress and GetModuleBaseAddress · ☆21 · Jul 9, 2022 · Updated 3 years ago
- drvtriks kernel driver for Windows 7 SP1 and 8.1 x64, that tricks around in your system. · ☆34 · Oct 6, 2017 · Updated 8 years ago
- An Aggressor Script that utilizes NtCreateUserProcess to run binaries · ☆31 · Jan 30, 2025 · Updated last year