Different methods to get current username without using whoami
Updated Feb 12, 2024 - C#
C# malware that steals Discord tokens directly from memory and bypasses any kind of token protection
This is a free & open-source file dropper that is made strictly for EdUcAtIoNaL pUrPoSeS of course
PoC to self-delete a binary in C#
A builder for BatchStealer
Obfuscate payloads using IPv4, IPv6, MAC or UUID strings
RArAtikTdkA is a modern, C#-based malware with great undetectable techniques
Overwrite ntdll.dll's ".text" section to bypass API hooking, getting the clean DLL from disk, the KnownDlls folder, a debugged process or a URL
This tool backs up all downloaded files during the malware execution period and helps the dynamic malware analysis process.
GetModuleHandle implementation in C# using only NtQueryInformationProcess by walking the PEB
GetProcAddress implementation in C# walking the PEB using only NtReadVirtualMemory
Read, write and delete Alternate Data Streams (ADS) within NTFS, to hide malicious payloads
Read, write and delete Extended Attributes (EAs) within NTFS, to hide malicious payloads
Stealthier alternative to whoami.exe in C#; it gets environment variables from the PEB (PRTL_USER_PROCESS_PARAMETERS)
Source code of the Chaos Ransomware, also known as Ryuk and Yashma.
🔑 This C#-based stealer allows you to capture logs and send them directly to your Telegram bot.
Quite Fun Malware - Keylogger
C# implementation of Guard Pages API Hooking
Source code of the Yashma Ransomware, also known as Ryuk and Chaos.
Get process handle(s) from process name using NtGetNextProcess and GetProcessImageFileName