uf0o / rootkit-arsenal-guacamole
An attempt to restore and adapt to modern Win10 version the 'Rootkit Arsenal' original code samples
☆74 · Apr 11, 2022 · Updated 3 years ago
Alternatives and similar repositories for rootkit-arsenal-guacamole
Users that are interested in rootkit-arsenal-guacamole are comparing it to the libraries listed below
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022) · ☆73 · Aug 11, 2023 · Updated 2 years ago
- (no description) · ☆20 · Mar 15, 2023 · Updated 2 years ago
- Rootkit Arsenal 2nd Source Code · ☆15 · Aug 6, 2013 · Updated 12 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999 · ☆239 · Nov 6, 2019 · Updated 6 years ago
- (no description) · ☆23 · May 17, 2022 · Updated 3 years ago
- A PoC tool for exploiting leaked process and thread handles · ☆32 · Feb 13, 2024 · Updated 2 years ago
- (no description) · ☆118 · Aug 7, 2022 · Updated 3 years ago
- https://blog.f-secure.com/hiding-malicious-code-with-module-stomping/ · ☆126 · Sep 19, 2019 · Updated 6 years ago
- C Header Only Library for Virii · ☆12 · Nov 17, 2020 · Updated 5 years ago
- Automates exploits using ROP chains, using ntdll-scraper · ☆16 · May 26, 2022 · Updated 3 years ago
- Code for blog written at 0xdarkvortex.dev Red Team TTPs Part 2 · ☆19 · Oct 8, 2020 · Updated 5 years ago
- Clearing traces of a loaded driver · ☆47 · Jul 2, 2022 · Updated 3 years ago
- Function hooks in Windows NT Kernel · ☆27 · Oct 13, 2020 · Updated 5 years ago
- Walks the process' VAD list to grab the PTEs corresponding to a usermode virtual address, all to get the physical address · ☆23 · Nov 22, 2021 · Updated 4 years ago
- (no description) · ☆163 · Sep 18, 2021 · Updated 4 years ago
- Driver demonstrating how to register a DPC to asynchronously wait on an object · ☆50 · Jan 15, 2021 · Updated 5 years ago
- (no description) · ☆153 · Jul 31, 2022 · Updated 3 years ago
- Illustrates the concept of return address spoofing, and how it is used. · ☆14 · May 13, 2020 · Updated 5 years ago
- (no description) · ☆16 · Oct 31, 2022 · Updated 3 years ago
- A simple way to spoof return addresses using an exception handler · ☆43 · Aug 3, 2022 · Updated 3 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting · ☆202 · Jan 13, 2022 · Updated 4 years ago
- PoC for hiding PE exports · ☆67 · Dec 19, 2020 · Updated 5 years ago
- Dump mapped PE files from memory to the disk · ☆20 · Jun 28, 2019 · Updated 6 years ago
- Various methods of executing shellcode · ☆74 · Mar 27, 2023 · Updated 2 years ago
- Demo to show how to write an ALPC Client & Server using native Ntdll.dll syscalls. · ☆21 · Jan 25, 2022 · Updated 4 years ago
- (no description) · ☆24 · Sep 26, 2021 · Updated 4 years ago
- Hooking KiUserApcDispatcher · ☆25 · Apr 3, 2017 · Updated 8 years ago
- A more stealthy variant of "DLL hollowing" · ☆363 · Mar 8, 2024 · Updated last year
- Virus Exchange (VX) - Collection of malware or assembly code used for "offensive" purposes. · ☆192 · Aug 3, 2025 · Updated 6 months ago
- The three musketeers of lateral movement (Lateral movement tools) · ☆30 · Nov 16, 2021 · Updated 4 years ago
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging · ☆581 · Mar 8, 2024 · Updated last year
- Data and structures regarding the research done on WdFilter · ☆12 · Apr 15, 2020 · Updated 5 years ago
- Various shellcodes · ☆13 · Sep 1, 2020 · Updated 5 years ago
- NASM listing to shellcode converter · ☆14 · May 6, 2018 · Updated 7 years ago
- Source code for the examples and topics from the book · ☆10 · Mar 11, 2019 · Updated 6 years ago
- Mash hypervisor host PML4 · ☆17 · Jun 22, 2022 · Updated 3 years ago
- (no description) · ☆33 · Dec 22, 2020 · Updated 5 years ago
- Shh0ya Kernel Hook Driver · ☆25 · Dec 8, 2020 · Updated 5 years ago
- Yet another variant of Process Hollowing · ☆426 · Jul 31, 2025 · Updated 6 months ago