lem0nSec / Alcatraz
An example of Windows self-replicating malware.
☆10 Updated 2 years ago
Alternatives and similar repositories for Alcatraz
Users that are interested in Alcatraz are comparing it to the libraries listed below
- run process as PPL Antimalware ☆10 Updated last year
- Just another casual shellcode native loader ☆24 Updated 3 years ago
- Process Injection: APC Injection ☆32 Updated 4 years ago
- Evilbytecode-Gate resolves Windows System Service Numbers (SSNs) using two methods: analyzing the Guard CF Table in ntdll.dll and parsing… ☆21 Updated last month
- AIDA64DRIVER Elevation of Privilege Vulnerability ☆13 Updated 7 months ago
- ☆54 Updated 2 years ago
- Offensive Assembly code snippets. ☆12 Updated last year
- ☆21 Updated last year
- A simple Linux in-memory .so loader ☆30 Updated 2 years ago
- A repository filled with ideas to break/detect direct syscall techniques ☆27 Updated 3 years ago
- Research of modifying exported function names at runtime (C/C++, Windows) ☆17 Updated last year
- A powerful Windows UI monitoring and DNS exfiltration tool written in Rust, combining advanced UI event capture capabilities with secure … ☆16 Updated 3 months ago
- A simple PE loader. ☆26 Updated 2 years ago
- Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits ☆29 Updated 2 years ago
- Callstack spoofing using a VEH because VEH all the things. ☆20 Updated 2 months ago
- Dangling COM Keys Finder ☆17 Updated 3 years ago
- really ? ☆12 Updated last year
- using the Recycle Bin to ensure persistence ☆12 Updated 2 years ago
- Your NTDLL vaccine from modern direct syscall methods. ☆35 Updated 3 years ago
- ☆25 Updated 2 years ago
- A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR. ☆39 Updated 4 years ago
- Hooking Heavens Gate in a weekend ☆13 Updated 3 years ago
- a demo module for the kaine agent to execute and inject assembly modules ☆38 Updated 9 months ago
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP ☆34 Updated 3 years ago
- Hooked create process injection for meterpreter ☆23 Updated 3 years ago
- Remap ntdll.dll using only NTAPI functions with a suspended process ☆21 Updated last month
- Simple PoC to locate hooked functions by EDR in ntdll.dll ☆36 Updated last year
- Tiny driver patch to allow kernel callbacks to work on Win10 21h1 ☆34 Updated 3 years ago
- ☆40 Updated 3 months ago
- 🗡️ A multi-user malleable C2 framework targeting Windows. Written in C++ and Python ☆45 Updated last year