NULL's repositories
AtomPePacker
A highly capable PE packer
KnownDllUnhook
Replace the .text section of the currently loaded modules from \KnownDlls\ to bypass EDRs
DeleteShadowCopies
Deleting Shadow Copies In Pure C++
EtwSessionHijacking
A PoC on blocking Procmon from monitoring network events
Syscallslib
A library that automates some clean syscalls to make it easier to implement
ManualRsrcDataFetching
Get your data from the resource section manually, with no need for Windows APIs
RecycleBinPersistence
Using the Recycle Bin to ensure persistence
KctHijackLib
Using the KCT to run your shellcode the APT style
PerunsFart
Replace and unhook ntdll from a suspended process
ToasterLoader
Just a stupid way to run a payload
process_doppelganging
My implementation of enSilo's Process Doppelganging (PE injection technique)
process_ghosting
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
herpaderping
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
transacted_hollowing
Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
KaynLdr
KaynLdr is a Reflective Loader written in C/ASM
VX-API
Collection of various malicious functionality to aid in malware development