Nelson's repositories
encrypted_value
Templated structure to encrypt C++ variable
File-Binder
Binds two files together and updates the stub accordingly. The stub will then drop and execute both files.
libsplice
Library for kernel and user mode splicing for Windows (x86 and x64).
net-traveler
Public open-source code of malware NetTraveler (aka TravNet).
ntdrvldr
A driver loader for Windows NT using NtLoadDriver()
Packer
PoC executable packer using resources
pcmonitor
pcmonitor - Windows kernel driver to monitor user activity (such as keyboard input, screenshots) and send encrypted reports to mobile applications in real time through an intermediate web server
pe-infector
Infects PE files with shellcode
phantasm-x86-virtualizer
Code virtualizer
PowerLoader
Power Loader botnet
python-x86-obfuscator
This is a **WIP** tool that performs shellcode obfuscation in the x86 instruction set.
rewolf-x86-virtualizer
Simple VM-based x86 PE (portable executable) protector.
shamoon
Public open-source code of malware Shamoon (aka Disttrack).
WinIoCtlDecoder
IDA Plugin which decodes Windows Device I/O control code into DeviceType, FunctionCode, AccessType and MethodType.
x86-instruction-encoding-tutorial
x86 Instruction Encoding Tutorial