brosck / Frosty
Ring 3 Rootkit for Windows 10
⭐57 · Updated 5 months ago
Alternatives and similar repositories for Frosty:
Users that are interested in Frosty are comparing it to the libraries listed below
- Ring 0 Rootkit for Linux Kernels x86/x86_64 5.x/6.x · ⭐23 · Updated last month
- Splitting and executing shellcode across multiple pages · ⭐102 · Updated last year
- This is a simple process injection made in C for Linux systems · ⭐26 · Updated last year
- Create Anti-Copy DRM Malware · ⭐56 · Updated 8 months ago
- Attacking the cleanup_module function of a kernel module · ⭐32 · Updated last month
- A multi-user malleable C2 framework targeting Windows. Written in C++ and Python · ⭐44 · Updated last year
- LKM rootkit for modern kernels, with DNS C2 and a simple web interface · ⭐65 · Updated last month
- API Hammering with C++20 · ⭐47 · Updated 2 years ago
- Red Team Operation's Defense Evasion Technique. · ⭐52 · Updated 11 months ago
- Understanding WinRAR Code Execution Vulnerability (CVE-2023-38831) · ⭐41 · Updated last year
- Classic Process Injection with Memory Evasion Techniques implementation · ⭐69 · Updated last year
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles. · ⭐63 · Updated 2 years ago
- ⭐39 · Updated 10 months ago
- Simple ETW unhook PoC. Overwrites NtTraceEvent opcode to disable ETW at Nt-function level. · ⭐47 · Updated last year
- Small project looking into how we can build malware with zero-imports by dynamically resolving windows APIs using GetProcAddress and GetM… · ⭐38 · Updated last year
- Detect which native Windows API's (NtAPI) are being hooked · ⭐38 · Updated 5 months ago
- This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hol… · ⭐69 · Updated last year
- Indirect Syscall implementation to bypass userland NTAPIs hooking. · ⭐74 · Updated 8 months ago
- MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit · ⭐40 · Updated last year
- Windows AppLocker Driver (appid.sys) LPE · ⭐56 · Updated 9 months ago
- abusing Process Hacker driver to terminate other processes (BYOVD) · ⭐82 · Updated last year
- Simple PoC to locate hooked functions by EDR in ntdll.dll · ⭐36 · Updated last year
- Various methods of executing shellcode · ⭐70 · Updated 2 years ago
- Section-based payload obfuscation technique for x64 · ⭐59 · Updated 9 months ago
- Bypass the Event Trace Windows(ETW) and unhook ntdll. · ⭐103 · Updated last year
- NativePayload_PE1/PE2 , Injecting Meterpreter Payload bytes into local Process via Delegation Technique + in-memory with delay Changing R… · ⭐58 · Updated last year
- BYOVD Technique Example using viragt64 driver · ⭐38 · Updated 9 months ago
- ⭐141 · Updated 6 months ago
- Bypass Malware Sandbox Evasion Ram check · ⭐137 · Updated 2 years ago
- Persistence via Shell Extensions · ⭐63 · Updated last year