PacktPublishing / Windows-APT-WarfareView external linksLinks
Windows APT Warfare, published by Packt
☆75Mar 11, 2023Updated 2 years ago
Alternatives and similar repositories for Windows-APT-Warfare
Users that are interested in Windows-APT-Warfare are comparing it to the libraries listed below
Sorting:
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆27Sep 15, 2023Updated 2 years ago
- ☆12Oct 9, 2022Updated 3 years ago
- Hooked create process injection for meterpreter☆23Jun 16, 2021Updated 4 years ago
- Reflective DLL self-loading as a library☆21May 3, 2025Updated 9 months ago
- Cisco CallManager User Enumeration☆15Aug 16, 2022Updated 3 years ago
- ☆13Jan 12, 2022Updated 4 years ago
- Hooking Heavens Gate in a weekend☆13Jan 1, 2022Updated 4 years ago
- A collection of Tools and Rules for decoding Brute Ratel C4 badgers☆66Jul 7, 2022Updated 3 years ago
- Reports and POCs for CVE 2024-43570 and CVE-2024-43535☆29Jun 7, 2025Updated 8 months ago
- ☆34May 14, 2018Updated 7 years ago
- ☆16Oct 31, 2022Updated 3 years ago
- Scan your computer for known vulnerable and known malicious Windows drivers using loldrivers.io☆89Dec 2, 2025Updated 2 months ago
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Jan 25, 2022Updated 4 years ago
- Parse SDDL strings☆37Apr 1, 2024Updated last year
- You shall pass☆271Jul 16, 2022Updated 3 years ago
- WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.☆281Feb 24, 2025Updated 11 months ago
- Load and execute COFF files and Cobalt Strike BOFs in-memory☆226Sep 13, 2022Updated 3 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆27Aug 11, 2023Updated 2 years ago
- This is a repo for small, useful scripts and extensions☆258Jun 1, 2023Updated 2 years ago
- Tools and PoCs for Windows syscall investigation.☆368Dec 2, 2025Updated 2 months ago
- Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap☆246Aug 2, 2023Updated 2 years ago
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".☆85Apr 11, 2023Updated 2 years ago
- Full reversing of the Microsoft Auxiliary Windows API Library and ported to C☆24Dec 17, 2024Updated last year
- Now You See Me, Now You Don't☆1,025Jan 23, 2026Updated 3 weeks ago
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…☆675Dec 23, 2022Updated 3 years ago
- A small Python-Script to extract NetNTLMv2 Hashes from NTMLssp-HTTP-Authentications, which were captured in a pcap.☆25Mar 5, 2023Updated 2 years ago
- Simulate the behavior of AV/EDR for malware development training.☆562Feb 15, 2024Updated 2 years ago
- BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released a…☆394Jan 9, 2024Updated 2 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115May 21, 2023Updated 2 years ago
- PoC Implementation of a fully dynamic call stack spoofer☆901Jul 20, 2024Updated last year
- Slide deck for DEF CON 30 - Read Team Village - Offensive Wireless Security presentation☆13Aug 16, 2022Updated 3 years ago
- Reversed WintaPix Malware Source code | That targets countries in the Middle East and abuse KeServiceDescriptorTable(SSDT), persistence a…☆22Jul 6, 2024Updated last year
- Learn Winapi in this Repo with examples, to understand its abstraction in reverse engineering for Windows.☆11Aug 8, 2022Updated 3 years ago
- Released alongside with a talk at REcon 2023, TheRestarter is an interactive command-line tool is designed to interact with the Windows …☆15Jun 8, 2023Updated 2 years ago
- NASM listing to shellcode converter☆14May 6, 2018Updated 7 years ago
- source code for the examples and topics from the book☆10Mar 11, 2019Updated 6 years ago
- Dump PDB Symbols including support for Bochs Debugging Format (with wine support)☆14Aug 11, 2023Updated 2 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆73Aug 11, 2023Updated 2 years ago
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.☆587Aug 2, 2025Updated 6 months ago