nqntmqmqmb / xorPacker
A simple packer that works with all PE files and ciphers your exe with a XOR implementation
☆14 · Updated 4 years ago
Related projects
Alternatives and complementary repositories for xorPacker
- A simple injector that uses LoadLibraryA ☆16 · Updated 4 years ago
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell. ☆67 · Updated 3 years ago
- Listing UDP connections with remote address without sniffing. ☆30 · Updated last year
- API Hammering with C++20 ☆34 · Updated 2 years ago
- An example of COM hijacking using a proxy DLL. ☆24 · Updated 3 years ago
- Collection of source code for Polymorphic, Metamorphic, and Permutation Engines used in Malware ☆25 · Updated 5 years ago
- ☆15 · Updated 3 years ago
- Process Hollowing POC in CPP ☆15 · Updated 4 years ago
- Collection of shellcode injection and execution techniques ☆16 · Updated 3 years ago
- NT AUTHORITY\SYSTEM ☆38 · Updated 4 years ago
- ☆25 · Updated 3 weeks ago
- A Practical example of ELAM (Early Launch Anti-Malware) ☆30 · Updated 2 years ago
- really ? ☆12 · Updated 8 months ago
- A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR. ☆37 · Updated 3 years ago
- A repository filled with ideas to break/detect direct syscall techniques ☆26 · Updated 2 years ago
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class ☆24 · Updated last year
- Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping ☆45 · Updated 2 years ago
- C# loader capable of running stage-1 from remote url, file path as well as file share ☆14 · Updated last year
- using the Recycle Bin to ensure persistence ☆11 · Updated 2 years ago
- ☆12 · Updated 4 years ago
- An initial proof of concept of a bootkit based on Cr4sh's DMABackdoorBoot ☆59 · Updated last year
- Another AMSI bypass - but in C++. ☆23 · Updated last year
- Your NTDLL vaccine from modern direct syscall methods. ☆35 · Updated 2 years ago
- ☆37 · Updated 3 years ago
- Create a C++ PE which loads an XTEA-crypted .NET PE shellcode in memory. ☆15 · Updated 6 years ago
- C code to enable ETW tracing for Dotnet Assemblies ☆28 · Updated 2 years ago
- A small commented POC for removing API hooks placed by AV/EDR. ☆33 · Updated 4 years ago
- DarkRats Standalone HVNC ☆23 · Updated 2 years ago