memN0ps / redlotus-rs
Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)
☆507Updated last year
Related projects: ⓘ
- Rusty Rootkit - Windows Kernel Rookit in Rust (Codename: Eagle)☆526Updated last year
- A generic UEFI bootkit used to achieve initial usermode execution. It works with modifications.☆393Updated last year
- PoC Implementation of a fully dynamic call stack spoofer☆677Updated 2 months ago
- Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.☆606Updated 10 months ago
- HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability to intercept and manipulate oper…☆353Updated last year
- Enumerating and removing kernel callbacks using signed vulnerable drivers☆537Updated last year
- Rusty Arsenal - A collection of experimental Process Injection and Post-Exploitation Techniques in Rust☆230Updated 10 months ago
- baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability☆288Updated 11 months ago
- A tutorial on how to write a packer for Windows!☆240Updated 9 months ago
- The Definitive Guide To Process Cloning on Windows☆387Updated 8 months ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆597Updated last year
- Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks☆266Updated 10 months ago
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.☆475Updated 5 months ago
- A small x64 library to load dll's into memory.☆422Updated 10 months ago
- Sleep Obfuscation☆661Updated 9 months ago
- Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)☆222Updated 3 weeks ago
- Now You See Me, Now You Don't☆743Updated 2 weeks ago
- Win32 and Kernel abusing techniques for pentesters☆909Updated last year
- Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation fr…☆1,020Updated 2 years ago
- Signtool for expired certificates☆441Updated last year
- ☆451Updated 2 years ago
- My implementation of enSilo's Process Doppelganging (PE injection technique)☆577Updated 2 years ago
- Dynamic unpacker based on PE-sieve☆650Updated 6 months ago
- Original C Implementation of the Hell's Gate VX Technique☆934Updated 3 years ago
- Shoggoth: Asmjit Based Polymorphic Encryptor☆655Updated 5 months ago
- A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.☆678Updated 4 years ago
- A bare minimum hypervisor on AMD and Intel processors for learners.☆189Updated last week
- PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.☆551Updated 11 months ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…☆627Updated 6 months ago
- Side-by-side comparison of the Windows and Linux (GNU) Loaders☆269Updated 2 weeks ago