NtRaiseHardError / Kaiser
Fileless persistence, attacks and anti-forensic capabilties.
☆90Updated 6 years ago
Alternatives and similar repositories for Kaiser:
Users that are interested in Kaiser are comparing it to the libraries listed below
- Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years.☆63Updated 7 years ago
- PoC designed to evade userland-hooking anti-virus.☆88Updated 5 years ago
- Windows API Hashes used in the malwares☆41Updated 9 years ago
- Simple 32/64-bit PEs loader.☆137Updated 6 years ago
- Parsers for custom malware formats ("Funky malware formats")☆95Updated 3 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆95Updated 5 years ago
- Process reimaging proof of concept code☆96Updated 5 years ago
- A process overwriting its own PEB to make an illusion that it has been loaded from a different path.☆94Updated 3 years ago
- Sysmon shenanigans☆65Updated 4 years ago
- WIP Emotet Control Flow Unflattening using miasm and radare2☆23Updated 2 years ago
- Process Doppelgänging☆155Updated 7 years ago
- PoC for detecting and dumping code injection (built and extended on UnRunPE)☆56Updated 6 years ago
- NINA: No Injection, No Allocation x64 Process Injection Technique☆195Updated 4 years ago
- Some simple process injection techniques targeting the Windows platform☆32Updated 5 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs☆104Updated 4 years ago
- Windows Drivers☆97Updated 5 years ago
- A collection of shellcode hashes☆17Updated 6 years ago
- Assembly block for hooking windows API functions.☆87Updated 5 years ago
- Windows (ShadowMove) Socket Duplication☆80Updated 4 years ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆68Updated 5 years ago
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell.☆72Updated 3 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆53Updated 5 years ago
- DLL Injection Library & Tools☆72Updated 8 years ago
- An command-line RPC method enumerator, born out of RPCView's awesomeness☆103Updated 5 years ago
- ☆31Updated 4 years ago
- File system minifilter driver for Windows to block symbolic link attacks.☆51Updated 4 years ago
- Shellcode emulator written with Unicorn Framework With Process Dump Emulation Environment☆120Updated 4 years ago
- ☆49Updated 4 years ago
- Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.☆48Updated 4 years ago
- An attempt to restore and adapt to modern Win10 version the 'Rootkit Arsenal' original code samples☆69Updated 2 years ago