Cognito-SZN's starred repositories
efi-memory
PoC EFI runtime driver for memory r/w & kdmapper fork
paradoxiaRAT
ParadoxiaRat: Native Windows Remote Access Tool.
Thanatos-BOTNET
Thanatos.
drive-by-download
Generate a post exploit script to download an arbitrary file using HTML5's Blob object (https://developer.mozilla.org/en-US/docs/Web/API/Blob)
cs-rdll-ipc-example
Example code for using named pipe output with beacon ReflectiveDLLs
Docx-Exploit-2021
This docx exploit uses res files inside a Microsoft .docx file to execute malicious files. This exploit is related to CVE-2021-40444
serpentine
C++/Win32/Boost Windows RAT (Remote Administration Tool) with a multiplatform Java/Spring RESTful C2 server and Go, C++/Qt5 frontends
CVE-2021-40444
CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
Win64-Rovnix-VBR-Bootkit
Win64/Rovnix - Volume Boot Record Bootkit
UEFI-Bootkit
A small bootkit which does not rely on x64 assembly.
HideProcess
A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager
Win_Rootkit
A kernel-mode rootkit with remote control
MasterHide
An x64 Windows Rootkit using SSDT or Hypervisor hook
WindowsRegistryRootkit
Kernel rootkit that lives inside Windows registry value data
r77-rootkit
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.