Starred repositories
Simple Kernelmode DLL Injector with Manual mapping
A library to develop kernel level Windows payloads for post HVCI era
A Collection of In-Memory Shellcode Execution Techniques for Windows
HEVD Exploit: BufferOverflowNonPagedPoolNx on Windows 10 22H2 - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion
Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.
kernel callback removal (Bypassing EDR Detections)
Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executable pages. (VAD hide / NX bit swapping)
This will compile a list of Android, iOS, Linux malware techniques for attacking and detection purposes.
Efficient RAT signature locator for bypassing AV/EDR, supporting static scanning and memory scanning.
Hook system calls on Windows by using Kaspersky's hypervisor
Bypassing antivirus detection: old-school malware, new tricks
This repository contains a comprehensive test suite designed for evaluating the performance and resilience of Endpoint Detection and Response (EDR) systems
StoneKeeper C2, an experimental EDR evasion framework for research purposes
DFIR LABS - A compilation of challenges that aims to provide practice in simple to advanced concepts in the following topics: Digital Forensics, Incident Response, Malware Analysis and Threat Hunting.
HookChain: A new perspective for Bypassing EDR Solutions
This is a repo of my previous BEKernelDriver, updated to add better protections and a more detailed setup, along with a good bit of code cleanup.
Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)
A collection of exploits and exercises developed while preparing for the eCXD exam!
Remote Thread Detection with a Kernel Driver
Windows rootkit designed to work with BYOVD exploits
Various public documents, whitepapers and articles about APT campaigns