NtRaiseHardError / Kaiser
Fileless persistence, attacks and anti-forensic capabilties.
☆84Updated 5 years ago
Related projects: ⓘ
- PoC designed to evade userland-hooking anti-virus.☆85Updated 5 years ago
- Windows API Hashes used in the malwares☆38Updated 9 years ago
- Process reimaging proof of concept code☆95Updated 5 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆91Updated 4 years ago
- Windows PE - TLS (Thread Local Storage) Injector in C/C++☆102Updated 3 years ago
- Assembly block for hooking windows API functions.☆81Updated 5 years ago
- Parsers for custom malware formats ("Funky malware formats")☆92Updated 2 years ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆68Updated 5 years ago
- Proxy system calls over an RPC channel☆96Updated 2 years ago
- A ready-made template for a project based on libpeconv.☆40Updated last year
- Sysmon shenanigans☆65Updated 3 years ago
- a program to detect reflective dll injection on a live machine☆72Updated 8 years ago
- A process overwriting its own PEB to make an illusion that it has been loaded from a different path.☆91Updated 3 years ago
- ☆68Updated 11 months ago
- Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years.☆63Updated 6 years ago
- An command-line RPC method enumerator, born out of RPCView's awesomeness☆97Updated 5 years ago
- Simple 32/64-bit PEs loader.☆135Updated 5 years ago
- A collection of shellcode hashes☆17Updated 6 years ago
- Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread and spoof the Parent Process.☆155Updated 5 years ago
- ☆48Updated 4 years ago
- Process Doppelgänging☆152Updated 6 years ago
- An attempt to restore and adapt to modern Win10 version the 'Rootkit Arsenal' original code samples☆65Updated 2 years ago
- Windows Drivers☆95Updated 5 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs☆103Updated 4 years ago
- Create a Run registry key with direct system calls. Inspired by @Cneelis's Dumpert and SharpHide.☆74Updated 4 years ago
- A novel technique to communicate between threads using the standard ETHREAD structure☆108Updated 3 years ago
- PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)☆100Updated 3 years ago
- APC DLL Injector with NtQueueApcThread and wake up thread support☆44Updated 7 years ago
- Local OXID Resolver (LCLOR) : Research and Tooling☆31Updated 3 years ago
- Protects deletion of files with a specified extension using a kernel-mode driver.☆73Updated 6 years ago