tmenochet / XorPacker
Basic packer using XOR encryption
☆27Updated 9 months ago
Alternatives and similar repositories for XorPacker:
Users that are interested in XorPacker are comparing it to the libraries listed below
- (Sim)ulate (Ba)zar Loader☆29Updated 4 years ago
- Recreating and reviewing the Windows persistence methods☆39Updated 3 years ago
- Windows PE - TLS (Thread Local Storage) Injector in C/C++☆104Updated 4 years ago
- A small commented POC for removing API hooks placed by AV/EDR.☆33Updated 4 years ago
- Gozi ISFB is a well-known and widely distributed banking trojan, and has been in the threat landscape for the past several years.☆63Updated 6 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆93Updated 5 years ago
- Overwrite a process's recovery callback and execute with WER☆102Updated 2 years ago
- A simple dumper as FreshyCalls' PoC. That's what's trendy, isn't it? ¯\_(ツ)_/¯☆39Updated 4 years ago
- Compile shellcode into an exe file from Windows or Linux.☆60Updated 3 years ago
- ☆37Updated 3 years ago
- Various tools, PoCs and experiments related to my blog at https://www.forrest-orr.net/☆36Updated 3 years ago
- An attempt to restore and adapt to modern Win10 version the 'Rootkit Arsenal' original code samples☆68Updated 2 years ago
- C++ function that will automagically unhook a specified Windows API☆60Updated 4 years ago
- ☆54Updated 3 years ago
- A proof of concept I developed to improve Gargoyle back in 2018 to achieve true memory obfuscation from position independent code☆40Updated 4 months ago
- A simple PoC to demonstrate that is possible to write Non writable memory and execute Non executable memory on Windows☆52Updated 3 years ago
- Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used☆92Updated 3 years ago
- Resolve syscall numbers at runtime for all Windows versions.☆60Updated last month
- Implementation of b4rtiks's SharpMiniDump using NTFS transactions to avoid writting the minidump to disk and exfiltrating it via HTTPS us…☆68Updated 4 years ago
- DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userla…☆119Updated 2 years ago
- Injects shellcode into remote processes using direct syscalls☆74Updated 4 years ago
- ☆10Updated 3 years ago
- Mochi is a proof-of-concept C++ loader that leverages the ChaiScript embedded scripting language to execute code.☆99Updated 2 years ago
- ☆36Updated 3 years ago
- An example of COM hijacking using a proxy DLL.☆25Updated 3 years ago
- C++ implant that interfaces with a SK8PARK server☆47Updated 3 years ago
- DInvisibleRegistry☆81Updated 4 years ago
- "An Introduction to Windows Exploit Development" is an open sourced, free Windows exploit development course I created for the Southeast …☆39Updated 4 years ago