NtRaiseHardError / KaiserLinks
Fileless persistence, attacks and anti-forensic capabilties.
☆91Updated 6 years ago
Alternatives and similar repositories for Kaiser
Users that are interested in Kaiser are comparing it to the libraries listed below
Sorting:
- Windows API Hashes used in the malwares☆41Updated 9 years ago
- PoC designed to evade userland-hooking anti-virus.☆88Updated 6 years ago
- Parsers for custom malware formats ("Funky malware formats")☆96Updated 3 years ago
- Assembly block for hooking windows API functions.☆92Updated 5 years ago
- Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years.☆64Updated 7 years ago
- Parser for a custom executable format from Hidden Bee malware (first stage)☆43Updated 8 months ago
- Simple 32/64-bit PEs loader.☆138Updated 6 years ago
- Process Doppelgänging☆157Updated 7 years ago
- Protects deletion of files with a specified extension using a kernel-mode driver.☆75Updated 6 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs☆106Updated 5 years ago
- A small library helping to parse commandline parameters (for C/C++)☆57Updated last week
- Process reimaging proof of concept code☆96Updated 5 years ago
- PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)☆106Updated 4 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆96Updated 5 years ago
- A ready-made template for a project based on libpeconv.☆48Updated 3 months ago
- ☆49Updated 5 years ago
- Sysmon shenanigans☆65Updated 4 years ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆68Updated 5 years ago
- A process overwriting its own PEB to make an illusion that it has been loaded from a different path.☆96Updated 3 years ago
- Shellcode emulator written with Unicorn Framework With Process Dump Emulation Environment☆123Updated 4 years ago
- Windows (ShadowMove) Socket Duplication☆83Updated 5 years ago
- Anti-Debug encyclopedia contains methods used by malware to verify if they are executed under debugging. It includes the description of v…☆56Updated last year
- A set of small utilities, helpers for PIN tracers☆33Updated last year
- Shellcode to load an appended Dll☆88Updated 4 years ago
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell.☆71Updated 4 years ago
- Recreating and reviewing the Windows persistence methods☆38Updated 3 years ago
- Local OXID Resolver (LCLOR) : Research and Tooling☆35Updated 4 years ago
- A collection of shellcode hashes☆17Updated 6 years ago
- Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread and spoof the Parent Process.☆158Updated 5 years ago
- A novel technique to communicate between threads using the standard ETHREAD structure☆111Updated 4 years ago