DanielAvinoam / TheSubZeroProject
A multi-staged malware that contains a kernel mode rootkit and a remote system shell.
☆67Updated 3 years ago
Related projects ⓘ
Alternatives and complementary repositories for TheSubZeroProject
- ☆98Updated 2 years ago
- Process Hollowing demonstration & explanation☆32Updated 3 years ago
- An initial proof of concept of a bootkit based on Cr4sh's DMABackdoorBoot☆59Updated last year
- A novel technique to communicate between threads using the standard ETHREAD structure☆110Updated 3 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆77Updated last year
- NT AUTHORITY\SYSTEM☆38Updated 4 years ago
- A Bumblebee-inspired Crypter☆80Updated last year
- Recreating and reviewing the Windows persistence methods☆39Updated 2 years ago
- A attempt at replicating BLACKLOTUS capabilities, whilst not acting as a direct mimic.☆85Updated last year
- Minifilter Callback Patching Proof-of-Concept☆61Updated 2 years ago
- Next gen process injection technique☆42Updated 4 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆92Updated 5 years ago
- GetModuleHandle (via PEB) and GetProcAddress (via EAT) like☆32Updated 2 years ago
- Windows GPU rootkit PoC by Team Jellyfish☆35Updated 9 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆69Updated last year
- Listing UDP connections with remote address without sniffing.☆30Updated last year
- Piece of code to detect and remove hooks in IAT☆58Updated 2 years ago
- Inject shellcode to process using Windows NTAPI for bypassing EDRs and Antiviruses☆40Updated 3 years ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆68Updated 5 years ago
- XssBot-Модульный резидентный бот с супер админкой☆12Updated last year
- Bypass UAC by abusing the Internet Explorer Add-on installer☆50Updated 3 years ago
- APC DLL Injector with NtQueueApcThread and wake up thread support☆44Updated 7 years ago
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆104Updated 2 years ago
- SharpASM is a C# project that aims to automate ASM (i.e. shellcode) execution in .NET programs by exploiting code caves in RWX sections a…☆57Updated 2 years ago
- Clone running process with ZwCreateProcess☆58Updated 4 years ago
- Implementation of Advanced Module Stomping and Heap/Stack Encryption☆9Updated last year
- A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯☆39Updated 3 years ago
- Dll injection through code page id modification in registry. Based on jonas lykk research☆117Updated last year
- Collection of source code for Polymorphic, Metamorphic, and Permutation Engines used in Malware☆25Updated 5 years ago