cocomelonc / 2022-06-05-malware-av-evasion-7
Malware AV evasion via disable Windows Defender (Registry). C++
☆32Updated 2 years ago
Related projects: ⓘ
- OFFZONE 2024 Malware Persistence workshop☆14Updated 3 weeks ago
- Run payload like a Lazarus Group (UuidFromStringA). C++ implementation☆17Updated 2 years ago
- A Bumblebee-inspired Crypter☆79Updated last year
- Red Team Operation's Defense Evasion Technique.☆50Updated 3 months ago
- GetModuleHandle (via PEB) and GetProcAddress (via EAT) like☆31Updated 2 years ago
- Dll injection through code page id modification in registry. Based on jonas lykk research☆116Updated last year
- API Hammering with C++20☆34Updated 2 years ago
- Antivirus killer using ring-0 kernel driver. Antivirus processes will automatically close while the killer is running.☆6Updated last year
- Research into removing strings & API call references at compile-time (Anti-Analysis)☆22Updated 3 months ago
- Small PoC of using a Microsoft signed executable as a lolbin.☆131Updated last year
- NT AUTHORITY\SYSTEM☆37Updated 4 years ago
- Grab Firefox post requests by hooking PR_Write function from nss3.dll module using trampoline hook to get passwords and emails of users☆42Updated last year
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆79Updated last year
- Shellcodev is a tool designed to help and automate the process of shellcode creation.☆100Updated 11 months ago
- Bypass Malware Time Delays☆96Updated last year
- Process Ghosting is a technique in which a process is created from a delete pending file. This means the created process is not backed by…☆14Updated 4 months ago
- Piece of code to detect and remove hooks in IAT☆51Updated 2 years ago
- Process Hollowing demonstration & explanation☆31Updated 3 years ago
- ☆43Updated this week
- An initial proof of concept of a bootkit based on Cr4sh's DMABackdoorBoot☆56Updated last year
- Collection of source code for Polymorphic, Metamorphic, and Permutation Engines used in Malware☆23Updated 4 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 2 years ago
- ☆18Updated 9 months ago
- ☆35Updated last year
- Set the process mitigation policy for loading only Microsoft Modules , and block any userland 3rd party modules☆41Updated last year
- ☆41Updated last year
- Read Memory without ReadProcessMemory for Current Process☆73Updated 2 years ago
- abusing Process Hacker driver to terminate other processes (BYOVD)☆81Updated last year
- Inject shellcode to process using Windows NTAPI for bypassing EDRs and Antiviruses☆40Updated 3 years ago
- ☆33Updated last year