nqntmqmqmb / xorPackerLinks
A simple packer working with all PE files which cipher your exe with a XOR implementation
☆14Updated 5 years ago
Alternatives and similar repositories for xorPacker
Users that are interested in xorPacker are comparing it to the libraries listed below
Sorting:
- ☆16Updated 4 years ago
- Create a C++ PE which loads an XTEA-crypted .NET PE shellcode in memory.☆16Updated 7 years ago
- 💻 Windows 10 Kernel-mode rootkit☆32Updated 3 years ago
- ☆40Updated 4 years ago
- A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR.☆40Updated 4 years ago
- Malware persistence via COM DLL hijacking. C++ implementation example☆13Updated 3 years ago
- Process Hollowing POC in CPP☆18Updated 4 years ago
- Clone running process with ZwCreateProcess☆58Updated 4 years ago
- Another Portable Executable files analysing stuff☆21Updated 14 years ago
- Recreating and reviewing the Windows persistence methods☆39Updated 3 years ago
- A simple injector that uses LoadLibraryA☆18Updated 5 years ago
- A Bumblebee-inspired Crypter☆78Updated 2 years ago
- A repository filled with ideas to break/detect direct syscall techniques☆27Updated 3 years ago
- ☆36Updated 3 years ago
- Nice try reading NTDLL from disk, nerd.☆19Updated 3 years ago
- (Sim)ulate (Ba)zar Loader☆29Updated 4 years ago
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell.☆74Updated 4 years ago
- Simple and sane compression wrapper library.☆18Updated 2 years ago
- A small commented POC for removing API hooks placed by AV/EDR.☆34Updated 5 years ago
- 64bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups Administrators & "Remote Desktop Users"☆40Updated 4 years ago
- ☆64Updated 2 years ago
- Listing UDP connections with remote address without sniffing.☆28Updated 2 years ago
- A simple PE loader.☆27Updated 2 years ago
- NT AUTHORITY\SYSTEM☆39Updated 5 years ago
- Ransoblin (Ransomware Bokoblin)☆18Updated 5 years ago
- x64 Registration-Free In-Process COM Automation Server.☆50Updated 2 years ago
- A C port of b33f's UrbanBishop☆38Updated 5 years ago
- Process Hollowing demonstration & explanation☆34Updated 4 years ago
- Get-PDInvokeImports is tool (PowerShell module) which is able to perform automatic detection of P/Invoke, Dynamic P/Invoke and D/Invoke u…☆54Updated 3 years ago
- Another AMSI bypass - but in C++.☆23Updated 2 years ago