brosck / FrostyLinks
γπ§γRing 3 Rootkit for Windows 10
β60Updated last year
Alternatives and similar repositories for Frosty
Users that are interested in Frosty are comparing it to the libraries listed below
Sorting:
- Kernel Mode Driver for Elevating Process Privilegesβ134Updated 2 years ago
- Various methods of executing shellcodeβ73Updated 2 years ago
- γβοΈγRing 0 Rootkit for Linux Kernels x86/x86_64 5.x/6.xβ27Updated 9 months ago
- Windows AppLocker Driver (appid.sys) LPEβ72Updated last year
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process holβ¦β70Updated last year
- Create Anti-Copy DRM Malwareβ71Updated last year
- Identify and exploit leaked handles for local privilege escalation.β111Updated 2 years ago
- β50Updated 3 years ago
- Simple PoC to locate hooked functions by EDR in ntdll.dllβ46Updated 2 years ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.β66Updated 2 years ago
- π‘οΈ A multi-user malleable C2 framework targeting Windows. Written in C++ and Pythonβ45Updated last year
- BYOVD Technique Example using viragt64 driverβ67Updated last year
- Implementation of Indirect Syscall technique to pop a calc.exeβ113Updated 2 years ago
- XOR decrypting shellcode using the GPU with OpenCL.β120Updated 8 months ago
- abusing Process Hacker driver to terminate other processes (BYOVD)�β83Updated 2 years ago
- MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploitβ41Updated 2 years ago
- Bypass Malware Sandbox Evasion Ram checkβ141Updated 3 years ago
- Another approach of Threadless injection discovered by @_EthicalChaos_ in c that loads a module into the target process and stomps it, anβ¦β185Updated 2 years ago
- Standalone Metasploit-like XOR encoder for shellcodeβ50Updated last year
- Splitting and executing shellcode across multiple pagesβ103Updated 2 years ago
- β40Updated 2 years ago
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".β85Updated 2 years ago
- using the gpu to hide your payloadβ63Updated 3 years ago
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level.β53Updated last year
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loaderβ64Updated 2 years ago
- Basic implementation of Cobalt Strikes - User Defined Reflective Loader featureβ102Updated 2 years ago
- Persistence via Shell Extensionsβ64Updated 2 years ago
- Set the process mitigation policy for loading only Microsoft Modules , and block any userland 3rd party modulesβ43Updated 2 years ago
- Small PoC of using a Microsoft signed executable as a lolbin.β140Updated 2 years ago
- Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks, patchless hooking library IAT/EAT.β128Updated last month