NtRaiseHardError / Kaiser
Fileless persistence, attacks and anti-forensic capabilties.
☆91Updated 6 years ago
Alternatives and similar repositories for Kaiser:
Users that are interested in Kaiser are comparing it to the libraries listed below
- Windows API Hashes used in the malwares☆40Updated 9 years ago
- Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years.☆64Updated 7 years ago
- PoC designed to evade userland-hooking anti-virus.☆88Updated 5 years ago
- Process Doppelgänging☆155Updated 7 years ago
- Process reimaging proof of concept code☆96Updated 5 years ago
- Protects deletion of files with a specified extension using a kernel-mode driver.☆75Updated 6 years ago
- PoC for detecting and dumping code injection (built and extended on UnRunPE)☆56Updated 6 years ago
- Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.☆48Updated 4 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs☆104Updated 4 years ago
- Reverse engineered source code of the autochk rootkit☆201Updated 5 years ago
- File system minifilter driver for Windows to block symbolic link attacks.☆51Updated 4 years ago
- Process Hollowing for 32 bit and 64 bit☆79Updated 7 years ago
- Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread and spoof the Parent Process.☆157Updated 5 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆54Updated 5 years ago
- PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)☆103Updated 3 years ago
- A ready-made template for a project based on libpeconv.☆47Updated last month
- Parsers for custom malware formats ("Funky malware formats")☆96Updated 3 years ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆68Updated 5 years ago
- a program to detect reflective dll injection on a live machine☆75Updated 9 years ago
- Some simple process injection techniques targeting the Windows platform☆32Updated 5 years ago
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell.☆71Updated 3 years ago
- Simple 32/64-bit PEs loader.☆137Updated 6 years ago
- A kernel rootkit with remote command and control interface for windows☆108Updated 7 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆96Updated 5 years ago
- ☆49Updated 5 years ago
- An command-line RPC method enumerator, born out of RPCView's awesomeness☆103Updated 5 years ago
- Windows (ShadowMove) Socket Duplication☆82Updated 4 years ago
- ☆31Updated 4 years ago
- PoC for detecting and dumping process hollowing code injection☆51Updated 6 years ago
- Bypass UAC by abusing the Security Center CPL and hijacking a shell protocol handler☆28Updated 3 years ago