joaoviictorti / shadowLinks
Windows Kernel Rootkit in Rust
☆670Updated 2 months ago
Alternatives and similar repositories for shadow
Users that are interested in shadow are comparing it to the libraries listed below
Sorting:
- Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)☆560Updated 2 years ago
- Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antiv…☆468Updated 3 weeks ago
- Evasion by machine code de-optimization.☆410Updated last year
- Rusty Rootkit - Windows Kernel Rookit in Rust (Codename: Eagle)☆573Updated 2 years ago
- A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs☆335Updated 6 months ago
- Centralized resource for listing and organizing known injection techniques and POCs☆661Updated last week
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.☆578Updated 4 months ago
- Because AV evasion should be easy.☆843Updated last year
- Complete list of LPE exploits for Windows (starting from 2023)☆865Updated last month
- A robust Windows Process Executable Packer and Launcher implementation written in Rust for Windows x64 systems.☆41Updated 11 months ago
- ROP-based sleep obfuscation to evade memory scanners☆370Updated 6 months ago
- Now You See Me, Now You Don't☆1,008Updated last week
- Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls☆386Updated last year
- Template-based shellcode packer written in Rust, with indirect syscall support. Made with <3 for pentesters.☆311Updated 6 months ago
- BYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology. (CVE-2025-52915, CVE-2025-1055,).☆484Updated 2 months ago
- Real fucking shellcode encryptor & obfuscator tool☆979Updated last week
- Rusty Injection - Shellcode Reflective DLL Injection (sRDI) in Rust (Codename: Venom)☆354Updated last year
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆739Updated 4 months ago
- Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST☆723Updated 2 years ago
- RustRedOps is a repository for advanced Red Team techniques and offensive malware, focused on Rust 🦀☆1,805Updated 2 weeks ago
- Performing Indirect Clean Syscalls☆594Updated 2 years ago
- Inject DLLs into the explorer process using icons☆395Updated 7 months ago
- A set of fully-undetectable process injection techniques abusing Windows Thread Pools☆1,226Updated 2 years ago
- Dynamically invoke arbitrary unmanaged code☆355Updated last year
- Cybersecurity research results. Simple C/C++ and Python implementations☆283Updated last week
- Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys☆498Updated 2 years ago
- Shoggoth: Asmjit Based Polymorphic Encryptor☆773Updated last year
- A Rust implementation of GodPotato — abusing SeImpersonate to gain SYSTEM privileges. Includes a TCP-based reverse shell and indirect NTA…☆349Updated 8 months ago
- A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfve…☆581Updated last year
- PoCs for Kernelmode rootkit techniques research.☆424Updated last month