ring0-c0d3-br34k3r / RE-MA-Roadmap
Reverse Engineering and Malware Analysis Roadmap
☆35 · Updated last month
Related projects:
- BSides Prishtina 2024 Malware Development and Persistence workshop ☆51 · Updated last month
- Implementing the ghostly hollowing PE injection technique using tampered syscalls. ☆108 · Updated 3 months ago
- A stealthy, assembly-based tool for secure function address resolution, offering a robust alternative to GetProcAddress. ☆67 · Updated 6 months ago
- A dynamic unpacking tool ☆127 · Updated last year
- Exploitable drivers, you know what I mean ☆124 · Updated 5 months ago
- Reflective DLL Injection Made Bella ☆170 · Updated last week
- An attempt at replicating BLACKLOTUS capabilities, whilst not acting as a direct mimic. ☆81 · Updated last year
- Aplos, an extremely simple fuzzer for Windows binaries. ☆66 · Updated 5 months ago
- A bunch of scripts and code I wrote. ☆128 · Updated last month
- Full exploit chain for Faronics-DeepFreeze-8 ☆3 · Updated last year
- This is a way to load shellcode and obfuscate it so that it avoids scantime detection. ☆45 · Updated 2 months ago
- PoC Anti-Rootkit to uncover Windows Drivers/Rootkits mapped to Kernel Memory. ☆138 · Updated this week
- Admin to Kernel code execution using the KSecDD driver ☆232 · Updated 5 months ago
- Another approach to Threadless injection discovered by @_EthicalChaos_, in C, that loads a module into the target process and stomps it, an… ☆167 · Updated last year
- Virus.xcheck is a Python tool designed to bulk verify the existence of file hashes in the Virus Exchange database and fetch download URLs… ☆43 · Updated 9 months ago
- Collection of one-liners to bypass User Account Control (UAC) in Windows. These techniques exploit certain behavior in Windows applicatio… ☆83 · Updated 11 months ago
- Windows x64 kernel mode rootkit process hollowing POC. ☆180 · Updated last year
- Exploit targeting NT kernel in 24H2 Windows Insider Preview ☆99 · Updated 4 months ago
- The Frida-Jit-unPacker aims at helping researchers and analysts understand the behavior of packed malicious .NET samples. ☆52 · Updated 5 months ago
- Basic reverse shell in C using socket() with complete explanation ☆64 · Updated last year
- An improved memory obfuscation primitive using a combination of special and 'normal' Asynchronous Procedure Calls ☆99 · Updated last week
- Windows Kernel Pool (clfs.sys) Corruption Privilege Escalation ☆121 · Updated 5 months ago
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows. ☆61 · Updated last week
- Indirect Syscall implementation to bypass userland NTAPI hooking. ☆52 · Updated last month