Research code & papers from members of vx-underground.
☆1,352 Dec 7, 2021 Updated 4 years ago
Alternatives and similar repositories for VXUG-Papers
Users that are interested in VXUG-Papers are comparing it to the libraries listed below
- Collection of various malicious functionality to aid in malware development ☆1,845 Feb 28, 2024 Updated 2 years ago
- Collection of malware source code for a variety of platforms in an array of different programming languages. ☆17,858 Sep 10, 2025 Updated 5 months ago
- ☆2,168 Feb 21, 2023 Updated 3 years ago
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging ☆580 Mar 8, 2024 Updated last year
- Inject .NET assemblies into an existing process ☆507 Jan 19, 2022 Updated 4 years ago
- AV/EDR evasion via direct system calls. ☆1,994 Jan 1, 2023 Updated 3 years ago
- Alternative Shellcode Execution Via Callbacks ☆1,698 Nov 11, 2022 Updated 3 years ago
- Original C Implementation of the Hell's Gate VX Technique ☆1,163 Jun 28, 2021 Updated 4 years ago
- KaynLdr is a Reflective Loader written in C/ASM ☆555 Dec 3, 2023 Updated 2 years ago
- AV/EDR evasion via direct system calls. ☆1,795 Sep 3, 2022 Updated 3 years ago
- A PoC implementation for an evasion technique to terminate the current thread and restore it before resuming execution, while implementin… ☆535 Aug 1, 2022 Updated 3 years ago
- Sleep Obfuscation ☆817 Dec 3, 2023 Updated 2 years ago
- Open-Source Shellcode & PE Packer ☆2,071 Feb 3, 2024 Updated 2 years ago
- A modern 32/64-bit position independent implant template ☆1,295 Mar 21, 2025 Updated 11 months ago
- A shellcode function to encrypt a running process image when sleeping. ☆340 Sep 11, 2021 Updated 4 years ago
- Nidhogg is an all-in-one simple to use windows kernel rootkit. ☆2,274 Feb 15, 2026 Updated 2 weeks ago
- ScareCrow - Payload creation framework designed around EDR bypass. ☆2,874 Aug 18, 2023 Updated 2 years ago
- Anti-virus artifacts. Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot. ☆754 Nov 16, 2021 Updated 4 years ago
- SysWhispers on Steroids - AV/EDR evasion via direct system calls. ☆1,594 Jul 31, 2024 Updated last year
- ☆615 Jul 21, 2025 Updated 7 months ago
- Resources for Windows exploit development ☆1,649 Dec 20, 2021 Updated 4 years ago
- Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll ☆499 Feb 3, 2022 Updated 4 years ago
- Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the in… ☆1,183 Jul 5, 2023 Updated 2 years ago
- TartarusGate, Bypassing EDRs ☆653 Jan 25, 2022 Updated 4 years ago
- A .NET Runtime for Cobalt Strike's Beacon Object Files ☆772 Sep 4, 2024 Updated last year
- Cobalt Strike UDRL for memory scanner evasion. ☆1,006 Jun 4, 2024 Updated last year
- An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting… ☆1,092 Jun 17, 2022 Updated 3 years ago
- Red Team C code repo ☆567 Dec 16, 2024 Updated last year
- A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features! ☆1,401 Nov 22, 2023 Updated 2 years ago
- Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers t… ☆457 Oct 25, 2021 Updated 4 years ago
- Gets updates from various clearnet domains and ransomware threat actor domains ☆416 Apr 24, 2024 Updated last year
- Template-Driven AV/EDR Evasion Framework ☆1,779 Nov 3, 2023 Updated 2 years ago
- SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature… ☆1,254 Aug 27, 2023 Updated 2 years ago
- Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by … ☆744 Aug 18, 2023 Updated 2 years ago
- ☆505 Aug 14, 2022 Updated 3 years ago
- Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem… ☆3,564 Oct 31, 2025 Updated 4 months ago
- Virus Exchange (VX) - Collection of malware or assembly code used for "offensive" purposes. ☆192 Aug 3, 2025 Updated 7 months ago
- Enumerate and disable common sources of telemetry used by AV/EDR. ☆844 Mar 11, 2021 Updated 4 years ago
- PoCs and tools for investigation of Windows process execution techniques ☆953 Feb 2, 2026 Updated last month