Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
Updated May 2, 2024 (C)
AV Evasion Tool For Red Team Ops
C++ self-injecting dropper based on various EDR evasion techniques.
AV bypass while you sip your Chai!
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls.
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
ApexLdr is a DLL Payload Loader written in C
This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.
A custom-coded FUD DLL, coded in C, which, when loaded via a decoy web-delivery module (firing a decoy program), will give a reverse shell (PowerShell) from the victim machine to the attacker console, over LAN and WAN.
A persistent FUD backdoor reverse shell coded in C for any Windows distro, that will make itself persistent on every boot and fire a decoy app in the foreground while connecting back to the attacker machine as a silent background process, spawning a PowerShell on the attacker machine.
PoC arbitrary WPM without a process handle
NTAPI hook bypass with (semi) legit stack trace
Beacon Object File PoC implementation of KillDefender
A simple, reproducible PE Packer (x64)