dalvarezperez / CreateFile_based_rootkit
☆132Updated 2 weeks ago
Alternatives and similar repositories for CreateFile_based_rootkit:
Users that are interested in CreateFile_based_rootkit are comparing it to the libraries listed below
- Evasive Process Hollowing Techniques☆137Updated 4 years ago
- A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.☆172Updated 3 months ago
- NINA: No Injection, No Allocation x64 Process Injection Technique☆195Updated 4 years ago
- Bypassing NTFS permissions to read any files as unprivileged user.☆187Updated 4 years ago
- Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().☆215Updated 5 years ago
- Apply a filter to the events being reported by windows event logging☆260Updated 3 years ago
- Project to check which Nt/Zw functions your local EDR is hooking☆183Updated 4 years ago
- Experiment on reproducing Obfuscate & Sleep☆142Updated 4 years ago
- Shellcode injector using direct syscalls☆119Updated 4 years ago
- A meterpreter extension for applying hooks to avoid windows defender memory scans☆244Updated 4 years ago
- Phantom DLL hollowing PoC☆358Updated 2 years ago
- Managed assembly shellcode generation☆266Updated 4 years ago
- Example code for EDR bypassing☆150Updated 6 years ago
- Kernel Exploits☆250Updated 3 years ago
- OffensivePH - use old Process Hacker driver to bypass several user-mode access controls☆330Updated 3 years ago
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆216Updated 2 years ago
- Adds a user-mode asynchronous procedure call (APC) object to the APC queue of the specified thread and spoof the Parent Process.☆156Updated 5 years ago
- Proxy system calls over an RPC channel☆98Updated 3 years ago
- A simple PoC to demonstrate that is possible to write Non writable memory and execute Non executable memory on Windows☆52Updated 3 years ago
- Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc) …☆108Updated 3 years ago
- ☆148Updated 4 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆364Updated 2 years ago
- An attempt to restore and adapt to modern Win10 version the 'Rootkit Arsenal' original code samples☆69Updated 2 years ago
- Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windo…☆222Updated last year
- A PE/ELF/MachO Crypter for x86 and x86_64 Based on Radare2☆138Updated 2 years ago
- EarlyBird process hollowing technique (BOF) - Spawns a process in a suspended state, inject shellcode, hijack main thread with APC, and e…☆277Updated 2 years ago
- A fake AMSI Provider which can be used for persistence.☆147Updated 3 years ago
- This is a simple example and explanation of obfuscating API resolution via hashing☆237Updated 4 years ago
- Universal Unhooking☆319Updated 6 years ago
- Neutering Sysmon via driver unload☆225Updated 2 years ago