TheMalwareGuardian / Awesome-Bootkits-Rootkits-Development
A curated compilation of extensive resources dedicated to bootkit and rootkit development.
☆36 · Updated 3 weeks ago
Alternatives and similar repositories for Awesome-Bootkits-Rootkits-Development:
Users that are interested in Awesome-Bootkits-Rootkits-Development are comparing it to the libraries listed below
- Windows Kernel Mode Rootkit ☆42 · Updated 3 weeks ago
- UEFI Windows Bootkit ☆30 · Updated 9 months ago
- Implementing the ghostly hollowing PE injection technique using tampered syscalls. ☆140 · Updated 3 weeks ago
- Windows rootkit designed to work with BYOVD exploits ☆173 · Updated 2 months ago
- LKM rootkit for modern kernels, with DNS C2 and a simple web interface ☆64 · Updated 2 weeks ago
- Kernel callback removal (Bypassing EDR Detections) ☆142 · Updated last week
- Shellcode encryptor using a substitution cipher with a randomly generated key. ☆120 · Updated 2 months ago
- Another approach of Threadless injection discovered by @_EthicalChaos_ in C that loads a module into the target process and stomps it, an… ☆177 · Updated last year
- Sleep obfuscation ☆210 · Updated 3 months ago
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac… ☆208 · Updated 5 months ago
- Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks ☆98 · Updated 3 months ago
- A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress. ☆72 · Updated last year
- Generating legitimate call stack frame along with indirect syscalls by abusing Vectored Exception Handling (VEH) to bypass User-Land EDR … ☆244 · Updated 8 months ago
- Construct the payload at runtime using an array of offsets ☆63 · Updated 9 months ago
- (0day) Local Privilege Escalation in IObit Malware Fighter ☆124 · Updated 2 months ago
- Huffman Coding in Shellcode Obfuscation & Dynamic Indirect Syscalls Loader. ☆106 · Updated last year
- ☆34 · Updated last year
- Stack Spoofing with Synthetic frames based on the work of namazso, SilentMoonWalk, and VulcanRaven ☆211 · Updated 5 months ago
- Windows x64 kernel mode rootkit process hollowing POC. ☆186 · Updated last year
- A command and control framework. ☆49 · Updated 3 months ago
- Indirect Syscall implementation to bypass userland NTAPIs hooking. ☆73 · Updated 7 months ago
- Shellcode loader using direct syscalls via Hell's Gate and payload encryption. ☆90 · Updated 9 months ago
- T-1 is a shellcode loader that leverages ML techniques to detect VM environments ☆25 · Updated 5 months ago
- Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution ☆42 · Updated 8 months ago
- A bunch of scripts and code I wrote. ☆135 · Updated 4 months ago
- ☆103 · Updated 5 months ago
- ☆137 · Updated 5 months ago
- Remote Shellcode Injector ☆212 · Updated last year
- A modified CONTEXT based ropchain to circumvent CFG-FindHiddenShellcode and EtwTi-FluctuationMonitor ☆93 · Updated last year
- A PowerShell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f… ☆158 · Updated 10 months ago