SecTheBit/MalDevelopment external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

SecTheBit/MalDevelopment

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/SecTheBit/MalDevelopment)

Close

SecTheBit / MalDevelopmentView on GitHubMore

• External links
• Readme badge

All my POC related to malware development

☆15Feb 19, 2026Updated last month

Alternatives and similar repositories for MalDevelopment

Users that are interested in MalDevelopment are comparing it to the libraries listed below

• youlha1 / thebear

  View on GitHub
  the bear is an infostealer (grabber) malware written in C and assembly with the focus on evading detection.
  ☆17Sep 8, 2024Updated last year
• darksh3llRU / dark-doh

  View on GitHub
  ☆19Dec 12, 2023Updated 2 years ago
• malwareinfosec / FiddleZAP

  View on GitHub
  ☆17Oct 26, 2021Updated 4 years ago
• hackerhouse-opensource / NoFaxGiven

  View on GitHub
  Code Execution & Persistence in NETWORK SERVICE FAX Service
  ☆35Feb 2, 2026Updated last month
• hdks-bug / redteam-techniques

  View on GitHub
  Collection of red team techniques.
  ☆69Apr 25, 2025Updated 10 months ago
• CodeXTF2 / cobaltstrike-sleepmask-yara

  View on GitHub
  Just a git repo for the sleepmask detection rule i found in https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-…
  ☆16Jun 4, 2025Updated 9 months ago
• win3zz / CVE-2025-5777

  View on GitHub
  CVE-2025-5777 (CitrixBleed 2) - Critical memory leak vulnerability affecting Citrix NetScaler ADC and Gateway devices
  ☆45Jul 8, 2025Updated 8 months ago
• edelucia / rules

  View on GitHub
  Cyber Threats Detection Rules
  ☆14Sep 16, 2025Updated 6 months ago
• kost / webshell-portlet

  View on GitHub
  Web shell as Portlet (useful for Websphere Portal, JBoss Portal, etc.)
  ☆12Aug 27, 2016Updated 9 years ago
• redctf / redctf-old

  View on GitHub
  CTFs On Demand
  ☆13Mar 23, 2025Updated 11 months ago
• SaadAhla / HadesLdr

  View on GitHub
  Shellcode Loader Implementing Indirect Dynamic Syscall , API Hashing, Fileless Shellcode retrieving using Winsock2
  ☆13Jul 15, 2023Updated 2 years ago
• klezVirus / AIDA64DRIVER-EoP

  View on GitHub
  AIDA64DRIVER Elevation of Privilege Vulnerability
  ☆16Oct 25, 2024Updated last year
• Offensive-Panda / WPM-MAJIC-ENTRY-POINT-INJECTION

  View on GitHub
  This exploit is utilising AddressOfEntryPoint of process which is RX and using WriteProcessMemory internal magic to change the permission…
  ☆18Oct 31, 2024Updated last year
• alex3O / BYOVD-DriverKiller

  View on GitHub
  Driver Reverse & Exploitation
  ☆82Sep 4, 2025Updated 6 months ago
• PL-V / Firefox-WebInject

  View on GitHub
  Firefox webInjector capable of injecting codes into webpages using a mitmproxy.
  ☆42Oct 30, 2022Updated 3 years ago
• RATandC2 / FilelessNtdllReflection

  View on GitHub
  Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle…
  ☆16Jan 7, 2023Updated 3 years ago
• her0ness / av-edr-urls

  View on GitHub
  AV/EDR companies netblocks
  ☆18Nov 9, 2021Updated 4 years ago
• Offensive-Panda / .NET_PROFILER_DLL_LOADING

  View on GitHub
  .NET profiler DLL loading can be abused to make a legit .NET application load a malicious DLL using environment variables. This exploit i…
  ☆46Jul 29, 2024Updated last year
• dobin / ShellcodeObfuscationLab

  View on GitHub
  Test bench lab for Shellcode Obfuscation
  ☆36Sep 2, 2025Updated 6 months ago
• redt1de / MaldevEDR

  View on GitHub
  EDR/AV Simulation for Malware Development
  ☆13Oct 21, 2023Updated 2 years ago
• iknowjason / GHOSTSPlayground

  View on GitHub
  A small security playground implementation of GHOSTS User Simulation framework with an Active Directory deployment and Elastic.
  ☆20Jul 17, 2024Updated last year
• reveng007 / AMSI-patches-learned-till-now

  View on GitHub
  I have documented all of the AMSI patches that I learned till now
  ☆73Nov 4, 2025Updated 4 months ago
• SaadAhla / D1rkInject

  View on GitHub
  Another approach of Threadless injection discovered by @_EthicalChaos_ in c that loads a module into the target process and stomps it, an…
  ☆185Aug 2, 2023Updated 2 years ago
• EvilBytecode / PhantomDelay

  View on GitHub
  PhantomDelay is a precise delay function that uses the Windows high resolution performance counter to pause your program for a specified …
  ☆19May 8, 2025Updated 10 months ago
• 0x0ff537 / Process-Injection

  View on GitHub
  Exploring different process injection techniques based on malware analysis
  ☆14Dec 28, 2023Updated 2 years ago
• arsium / BypassUAC

  View on GitHub
  A rework of CMLuaUtil AutoElevated
  ☆30Nov 6, 2022Updated 3 years ago
• nasbench / SEDR-Internals

  View on GitHub
  Symantec EDR Internals
  ☆30Oct 12, 2021Updated 4 years ago
• ricardojoserf / SharpObfuscate

  View on GitHub
  Obfuscate payloads using IPv4, IPv6, MAC or UUID strings
  ☆23Feb 17, 2024Updated 2 years ago
• WKL-Sec / Winsocky

  View on GitHub
  Winsocket for Cobalt Strike.
  ☆104Jul 6, 2023Updated 2 years ago
• leftp / BackupCreds

  View on GitHub
  A C# implementation of dumping credentials from Windows Credential Manager
  ☆62Sep 23, 2023Updated 2 years ago
• Offensive-Panda / C2_Elevated_Shell_DLL_Hijcking

  View on GitHub
  DLL Hijacking and Mock directories technique to bypass Windows UAC security feature and getting high-level privileged reverse shell. Secu…
  ☆42May 18, 2024Updated last year
• NotokDay / NTProcessInjector

  View on GitHub
  Process injection via native Windows APIs (NTAPIs)
  ☆15Jan 16, 2024Updated 2 years ago
• 0xOvid / RootkitDiaries

  View on GitHub
  Collection of different rootkit functionality, each driver representing a different rootkit component
  ☆13May 27, 2025Updated 9 months ago
• hackerhouse-opensource / hackerhouse-opensource

  View on GitHub
  Github profile
  ☆21Feb 2, 2026Updated last month
• PhrozenIO / SharpFtpC2

  View on GitHub
  A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.
  ☆90Nov 9, 2023Updated 2 years ago
• XaFF-XaFF / Shellcodev

  View on GitHub
  Shellcodev is a tool designed to help and automate the process of shellcode creation.
  ☆114Oct 11, 2023Updated 2 years ago
• iknowjason / CMLab

  View on GitHub
  Configuration Management (CM) Security Playground. A small enterprise security lab to practice automation + CM tooling like Ansible, Che…
  ☆20Jul 21, 2025Updated 7 months ago
• arsium / PELoader

  View on GitHub
  ☆20Jul 23, 2023Updated 2 years ago
• ProcessusT / PsNotifRoutineUnloader

  View on GitHub
  This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCr…
  ☆63Feb 11, 2024Updated 2 years ago