ldpreload / MedusaLinks
LD_PRELOAD Rootkit
☆299Updated 10 months ago
Alternatives and similar repositories for Medusa
Users that are interested in Medusa are comparing it to the libraries listed below
Sorting:
- Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.☆671Updated 2 years ago
- ( 0day ) Local Privilege Escalation in IObit Malware Fighter☆164Updated 10 months ago
- C++ self-Injecting dropper based on various EDR evasion techniques.☆425Updated last year
- Encrypted shellcode Injection to avoid Kernel triggered memory scans☆407Updated 2 years ago
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.☆321Updated 2 years ago
- Inject DLLs into the explorer process using icons☆403Updated 8 months ago
- Proof of Concept for manipulating the Kernel Callback Table in the Process Environment Block (PEB) to perform process injection and hijac…☆268Updated last year
- Performing Indirect Clean Syscalls☆603Updated 2 years ago
- Patching "signtool.exe" to accept expired certificates for code-signing.☆339Updated last week
- PoCs for Kernelmode rootkit techniques research.☆427Updated 3 months ago
- A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.☆408Updated 3 weeks ago
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.☆587Updated 6 months ago
- Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths☆357Updated last year
- Revenant - A 3rd party agent for Havoc that demonstrates evasion techniques in the context of a C2 framework☆389Updated last year
- Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.☆406Updated 2 years ago
- Collect Windows telemetry for Maldev☆455Updated last week
- Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.☆288Updated last year
- An easily modifiable shellcode template for Windows x64 written in C☆277Updated 2 years ago
- APT38 Tactic PoC for Stealing 0days from security researchers☆324Updated 8 months ago
- Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls☆388Updated last year
- A small x64 library to load dll's into memory.☆452Updated 2 years ago
- Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird …☆766Updated 2 weeks ago
- Tools and PoCs for Windows syscall investigation.☆368Updated 2 months ago
- Remote Shellcode Injector☆221Updated 2 years ago
- Reflective DLL Injection Made Bella☆248Updated last year
- CaveCarver - PE backdooring tool which utilizes and automates code cave technique☆232Updated 2 years ago
- Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process☆286Updated 2 years ago
- Using fibers to run in-memory code.☆240Updated 2 years ago
- Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypa…☆263Updated 2 months ago
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re…☆465Updated 2 years ago