TheMalwareGuardian / BenticoLinks
[ARCHIVED] Early work on Benthic (Windows Kernel Rootkit).
☆56Updated 2 months ago
Alternatives and similar repositories for Bentico
Users that are interested in Bentico are comparing it to the libraries listed below
Sorting:
- A curated compilation of extensive resources dedicated to bootkit and rootkit development.☆120Updated 2 months ago
- ☆160Updated 7 months ago
- ( 0day ) Local Privilege Escalation in IObit Malware Fighter☆157Updated 6 months ago
- [ARCHIVED] Early work on Abyss (Windows UEFI Bootkit).☆44Updated 2 months ago
- Injecting DLL into LSASS at boot☆143Updated 5 months ago
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…☆234Updated 11 months ago
- BSides Prishtina 2024 Malware Development and Persistence workshop☆99Updated 4 months ago
- Obex – Blocking unwanted DLLs in user mode☆241Updated last month
- Windows rootkit designed to work with BYOVD exploits☆210Updated 9 months ago
- kernel callback removal (Bypassing EDR Detections)☆193Updated 6 months ago
- Another approach of Threadless injection discovered by @_EthicalChaos_ in c that loads a module into the target process and stomps it, an…☆179Updated 2 years ago
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls☆210Updated last year
- A vulnerable driver exploited by me (BYOVD) that is capable of terminating several EDRs and antivirus software in the market, rendering t…☆97Updated 9 months ago
- This comprehensive and central repository is designed for cybersecurity enthusiasts, researchers, and professionals seeking to stay ahead…☆132Updated 4 months ago
- Windows x64 kernel mode rootkit process hollowing POC.☆188Updated 2 years ago
- A Powershell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, f…☆164Updated last year
- ☆265Updated 2 years ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths☆353Updated last year
- simple user-mode Rootkit☆106Updated 2 years ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆358Updated 8 months ago
- Slides & Code snippets for a workshop held @ x33fcon 2024☆271Updated last year
- A PoC for Early Cascade process injection technique.☆198Updated 8 months ago
- Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)☆144Updated last year
- Sleep obfuscation☆243Updated 10 months ago
- Code execution/injection technique using DLL PEB module structure manipulation☆207Updated 4 months ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.☆115Updated last year
- ☆261Updated last year
- Activation Context Hijack☆170Updated 2 months ago
- A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.☆197Updated last year
- My projects to understand malware development and detection. Use responsibly. I'm not responsible if you cause unauthorised damage to any…☆94Updated 4 months ago