My adventures in learning about different userland malware techniques, such as syscalls, injection, unhooking or sandbox evasion.
☆79 · Jan 10, 2024 · Updated 2 years ago
Alternatives and similar repositories for MalwareAdventurez
Users that are interested in MalwareAdventurez are comparing it to the libraries listed below.
- WinXPSP2.Cermalus on steroids, supporting all 32 bits Windows version. Windows Kernel Virus stuff for noobs ☆18 · Aug 11, 2023 · Updated 2 years ago
- Red-Teaming TempleOS. ☆17 · Jul 29, 2022 · Updated 3 years ago
- A C++/Asm template for PIC/EXE/DLL malware ☆24 · Aug 12, 2025 · Updated 7 months ago
- Learn Winapi in this Repo with examples, to understand its abstraction in reverse engineering for Windows. ☆11 · Aug 8, 2022 · Updated 3 years ago
- The GTK Keylogger ☆18 · Aug 11, 2023 · Updated 2 years ago
- yet another sleep encryption thing. also used the default github repo name for this one. ☆69 · May 11, 2023 · Updated 2 years ago
- malleable profile generator GUI for Havoc ☆55 · Apr 28, 2023 · Updated 2 years ago
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features. ☆593 · Aug 2, 2025 · Updated 7 months ago
- ☆46 · Jan 1, 2023 · Updated 3 years ago
- A small Aggressor script to help Red Teams identify foreign processes on a host machine ☆84 · Jan 6, 2023 · Updated 3 years ago
- ☆16 · Sep 23, 2021 · Updated 4 years ago
- Performing Indirect Clean Syscalls ☆607 · Apr 19, 2023 · Updated 2 years ago
- ☆20 · Feb 6, 2024 · Updated 2 years ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space ☆136 · Jan 2, 2023 · Updated 3 years ago
- A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk ☆473 · Jul 6, 2024 · Updated last year
- Trolling Keyloggers by Forcing them to log Specific Text then freezing them ☆22 · Jul 30, 2022 · Updated 3 years ago
- miscellaneous scripts and programs ☆278 · Jan 23, 2025 · Updated last year
- different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless) ☆203 · Aug 2, 2023 · Updated 2 years ago
- Just another ntdll unhooking using Parun's Fart technique ☆76 · Feb 15, 2023 · Updated 3 years ago
- My collection of malware dev links ☆312 · Feb 9, 2026 · Updated last month
- Bypassing UAC with SSPI Datagram Contexts ☆464 · Sep 24, 2023 · Updated 2 years ago
- Tool for playing with Windows Access Token manipulation. ☆82 · Nov 28, 2022 · Updated 3 years ago
- ☆90 · Jun 2, 2024 · Updated last year
- random code snippets, useful for getting started ☆122 · Nov 29, 2025 · Updated 3 months ago
- Artemis - C++ Hell's Gate Syscall Implementation ☆34 · Aug 16, 2023 · Updated 2 years ago
- Reflective DLL Injection with obfuscated (XOR) shellcode ☆73 · Dec 13, 2020 · Updated 5 years ago
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python ☆45 · Feb 6, 2026 · Updated last month
- Shellcode Loader Implementing Indirect Dynamic Syscall, API Hashing, Fileless Shellcode retrieving using Winsock2 ☆293 · Jul 15, 2023 · Updated 2 years ago
- This repo contains: simple shellcode Loader, Encoders (base64 - custom - UUID - IPv4 - MAC), Encryptors (AES), Fileless Loader (Winhttp… ☆440 · Aug 2, 2023 · Updated 2 years ago
- Find DLLs with RWX section ☆79 · Jul 3, 2023 · Updated 2 years ago
- Example of async client/server sockets in .NET 5 ☆17 · Jun 9, 2021 · Updated 4 years ago
- .NET assembly loader with patchless AMSI and ETW bypass ☆374 · Apr 19, 2023 · Updated 2 years ago
- Simple PoC to locate hooked functions by EDR in ntdll.dll ☆46 · Jul 16, 2023 · Updated 2 years ago
- Extracting NetNTLM without touching lsass.exe ☆244 · Nov 27, 2023 · Updated 2 years ago
- Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low… ☆148 · May 6, 2023 · Updated 2 years ago
- Create a C++ PE which loads an XTEA-crypted .NET PE shellcode in memory. ☆17 · Sep 29, 2018 · Updated 7 years ago
- My implementation of the GIUDA project in C++ ☆189 · Jul 25, 2023 · Updated 2 years ago
- WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance. ☆282 · Feb 24, 2025 · Updated last year
- Run Cobalt Strike BOFs in Brute Ratel C4! ☆86 · Apr 15, 2025 · Updated 11 months ago