K2 / ADMMutate
Classic code from 1999+ I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :) If I ever port this to 64 or implement a few other suggestions (sorry I lost ppc code version contributed) it will be orders of magnitude more difficult to spot, so I…
☆86Updated last year
Alternatives and similar repositories for ADMMutate:
Users that are interested in ADMMutate are comparing it to the libraries listed below
- Example code from "Programming Linux Anti-Reversing Techniques"☆97Updated 7 years ago
- kernel exploitation helper class☆75Updated 8 years ago
- POC viruses I have created to demo some ideas☆59Updated 4 years ago
- A gadget finder and a ROP-Chainer tool for x86 platforms☆93Updated 3 years ago
- Supporting Files on my analysis of the malware designated hdroot.☆59Updated 7 years ago
- Set of my small utils related to cryptography, encoding, decoding etc☆84Updated 10 months ago
- Reflective SO injection is a library injection technique in which the concept of reflective programming is employed to perform the loadin…☆115Updated 8 years ago
- Implements the POP/MOV SS (CVE-2018-8897) vulnerability by leveraging SYSCALL to perform a local privilege escalation (LPE).☆116Updated 6 years ago
- A Python tool to generate ROP chains☆60Updated 6 years ago
- ☆112Updated 8 years ago
- heaper, an advanced heap analysis plugin for Immunity Debugger☆96Updated 12 years ago
- Transfer EIP control to shellcode during malware analysis investigation☆74Updated 10 years ago
- Python script to inject and run shellcodes through TLS callbacks☆50Updated 9 years ago
- Educational repository for learning about rootkits and Windows Kernel Hooks.☆50Updated 9 years ago
- Scripts for disassembling VBScript p-code in the memory to aid in exploits analysis☆84Updated 2 years ago
- Collection of VC++ example applications to demonstrate Win10 userland heap behavior (BEA & FEA)☆84Updated 8 years ago
- A process overwriting its own PEB to make an illusion that it has been loaded from a different path.☆93Updated 3 years ago
- Cminer is a tool for enumerating the code caves in PE files.☆146Updated last year
- Exploiting MS15-061 local Privilege escalation☆50Updated 9 years ago
- Reflective Polymorphism☆104Updated 6 years ago
- C++-based shellcode builder☆112Updated 4 years ago
- ☆51Updated 7 years ago
- Blackhat 2012 Sample Codes☆92Updated 8 years ago
- Binary Ninja plugin that syncs WinDbg to Binary Ninja☆47Updated 6 years ago
- Kernel Address Space Layout Randomization (KASLR) Recovery Software☆97Updated 8 years ago
- Another Repo of Malware. Enjoy. <3☆60Updated 5 years ago
- HackSys Extreme Vulnerable Driver - Windows 10 x64 StackOverflow Exploit with SMEP Bypass☆61Updated 7 years ago