expl0itabl3 / MalDevSnippets
Code snippets for exploring malware techniques in C.
☆12Updated last year
Related projects: ⓘ
- ☆43Updated this week
- Bypass UAC elevation on Windows 8 (build 9600) & above.☆53Updated 2 years ago
- Your NTDLL vaccine from modern direct syscall methods.☆35Updated 2 years ago
- Recreating and reviewing the Windows persistence methods☆39Updated 2 years ago
- ☆14Updated 2 years ago
- Execute shellcode with ZwCreateSection, ZwMapViewOfSection, ZwOpenProcess, ZwMapViewOfSection and ZwCreateThreadEx☆14Updated 3 years ago
- ☆24Updated this week
- A repository filled with ideas to break/detect direct syscall techniques☆26Updated 2 years ago
- ☆36Updated 3 years ago
- An example of COM hijacking using a proxy DLL.☆20Updated 3 years ago
- A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯☆39Updated 3 years ago
- C code to enable ETW tracing for Dotnet Assemblies☆28Updated 2 years ago
- This is my own implementation of the Perun's Fart technique by Sektor7☆64Updated 2 years ago
- A proof-of-concept created for academic/learning purposes, demonstrating both local and remote use of VSTO "Add-In's" maliciously☆23Updated last year
- ☆12Updated 2 years ago
- ☆12Updated last year
- API Hammering with C++20☆34Updated 2 years ago
- ☆50Updated this week
- Artemis - C++ Hell's Gate Syscall Implementation☆31Updated last year
- Experimental PoC for unhooking API functions using in-memory patching, without VirtualProtect, for one specific EDR.☆37Updated last year
- Remove API hooks from a Beacon process.☆12Updated 3 years ago
- An attempt to make a LoadLibrary designed for offensive operations, in C# obviously.☆53Updated 2 years ago
- ☆38Updated 11 months ago
- A reimplementation of Cobalt Strike's Beacon Object File (BOF) Loader☆34Updated 9 months ago
- Windows x64 Process Injection via Ghostwriting with Dynamic Configuration☆27Updated 2 years ago
- Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"☆22Updated last year
- Piece of code to detect and remove hooks in IAT☆51Updated 2 years ago
- ☆15Updated this week
- A C implementation of the Sektor7 "A Thief" Windows privesc technique.☆59Updated 2 years ago
- Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used☆92Updated 3 years ago