Lloyd Davies's repositories
delete-self-poc
A way to delete a locked file, or current running executable, on disk.
wsb-detect
wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB")
Windows-API-Hashing
This is a simple example and explanation of obfuscating API resolution via hashing
ntqueueapcthreadex-ntdll-gadget-injection
A novel way of using NtQueueApcThreadEx for stealthy code injection: it abuses the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget.
shellcode-plain-sight
Hiding shellcode in plain sight within a large memory region. Inspired by the technique used by Raspberry Robin's Roshtyak.
elf-strings
elf-strings programmatically reads the string sections of a given ELF binary. It is meant to be much like the strings UNIX utility, but is purpose-built for ELF binaries.
dearg-thread-ipc-stealth
A novel technique to communicate between threads using the standard ETHREAD structure
go-malwarebazaar
MalwareBazaar public API bindings for Go
sgrm-research
Repository to complement my blog post on System Guard Runtime Monitor
pafish-macos
A macOS pafish-like port to detect analysis/virtual environments