KooroshRZ / Evader
Packer (actually a crypter) for antivirus evasion implemented for windows PE files (BSc-Thesis)
☆102Updated 4 years ago
Related projects: ⓘ
- NINA: No Injection, No Allocation x64 Process Injection Technique☆193Updated 4 years ago
- A PoC designed to bypass all usermode hooks in a WoW64 environment.☆147Updated 4 years ago
- Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years.☆63Updated 6 years ago
- Process Hollowing in C++ (x86 / x64) - Process PE image replacement☆118Updated last year
- A kernel rootkit with remote command and control interface for windows☆107Updated 6 years ago
- An obfuscation tool for Windows which instruments the Windows Loader into acting as an unpacking engine.☆292Updated 5 years ago
- Various Process Injection Techniques☆141Updated 2 years ago
- Packer compressing .net assemblies, (ab)using the PE format for data storage☆152Updated last year
- A kernel-mode rootkit with remote control☆204Updated 3 years ago
- vulnerability in zam64.sys, zam32.sys allowing ring 0 code execution. CVE-2021-31727 and CVE-2021-31728 public reference.☆88Updated 3 years ago
- A quick-and-dirty anti-hook library proof of concept.☆100Updated 6 years ago
- Manual DLL Injector using Thread Hijacking.☆225Updated 6 years ago
- A PE (Portable Executable) packer with Huffman Compression and Xor encryption.☆56Updated 3 years ago
- Process Hollowing for 32 bit and 64 bit☆78Updated 6 years ago
- PoC designed to evade userland-hooking anti-virus.☆85Updated 5 years ago
- This is a simple example and explanation of obfuscating API resolution via hashing☆224Updated 4 years ago
- A more stealthy variant of "DLL hollowing"☆335Updated 6 months ago
- A Simple AES Command Line Crypter☆35Updated last year
- Reverse engineered source code of the autochk rootkit☆195Updated 4 years ago
- Executing a .NET Assembly from C++ in Memory (CLR Hosting)☆184Updated 7 years ago
- A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.☆157Updated 2 months ago
- Shellcodev is a tool designed to help and automate the process of shellcode creation.☆100Updated 11 months ago
- Executes 64bit code from a 32bit process☆229Updated 7 years ago
- ☆75Updated this week
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆212Updated last year
- Easy XOR string encryption for NET based binaries☆124Updated 10 months ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code☆195Updated 3 years ago
- Inject code into a legitimate process☆141Updated 9 years ago
- Code Injection, Inject malicious payload via pagetables pml4.☆216Updated 3 years ago
- Hide malware behind a legit process C#☆120Updated 4 years ago