Top Repositories
Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.
Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
CaveCarver - PE backdooring tool which utilizes and automates code cave technique
Windows x64 kernel mode rootkit process hollowing POC.
Shellcodev is a tool designed to help and automate the process of shellcode creation.
ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption
Repositories
18Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
Cronos is Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, protect and elevate them with token manipulation.
Shellcodev is a tool designed to help and automate the process of shellcode creation.
No description provided.
A kernel-mode rootkit with remote control
Discord Webhook Cannon is a C# multithreaded, open-source Discord Webhook flooder. It can be used to flood webhooks which are used in malware.
Rasta's mouse AMSI patch but with function that makes it undetectable.
CaveCarver - PE backdooring tool which utilizes and automates code cave technique
ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption
C# DLL Injector written as simple as possible
Windows x64 kernel mode rootkit process hollowing POC.
Remake znanego wirusa Watykańczyka w C#
Overwrite MBR and add own custom message
WinREPL is a "read-eval-print loop" shell on Windows that is useful for testing/learning x86 and x64 assembly.
An Assembly x86 code that shows Windows MessageBox kept as simple as possible.
Example of C# heap injector for x64 and x86 shellcodes
Simple keylogger written in C# which is ready for modifications.
💉 Two C# RunPE's capable of x86 and x64 injections 💉