XaFF (XaFF-XaFF)


Company: TalosSec

Location: Poland

Home Page: xaff.dev

Twitter: @0xXaFF


XaFF's repositories

Cronos-Rootkit

Cronos is a Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, and to protect and elevate them with token manipulation.

Language: C++, License: MIT, Stargazers: 797, Issues: 24, Issues: 13

Black-Angel-Rootkit

Black Angel is a Windows 11/10 x64 kernel mode rootkit. The rootkit can be loaded with DSE enabled while maintaining its full functionality.

Language: C++, License: GPL-3.0, Stargazers: 569, Issues: 9, Issues: 4

CaveCarver

CaveCarver - a PE backdooring tool which utilizes and automates the code cave technique

Language: C++, License: MIT, Stargazers: 184, Issues: 7, Issues: 3

Kernel-Process-Hollowing

Windows x64 kernel mode rootkit process hollowing PoC.

Language: C++, License: MIT, Stargazers: 176, Issues: 4, Issues: 0

Shellcodev

Shellcodev is a tool designed to help and automate the process of shellcode creation.

Language: C++, License: MIT, Stargazers: 98, Issues: 5, Issues: 0

ZwProcessHollowing

ZwProcessHollowing is an x64 process hollowing project which uses direct system calls, DLL unhooking and RC4 payload decryption

Language: C++, Stargazers: 75, Issues: 3, Issues: 0

2Simple-Dll-Injector

C# DLL injector written as simply as possible

Heap-Injection

Example of C# heap injector for x64 and x86 shellcodes

MBR-Overwrite-with-custom-message

Overwrites the MBR and adds a custom message

Watykanczyk

A remake of the well-known Watykańczyk virus in C#

Language: C#, Stargazers: 15, Issues: 1, Issues: 0

2Simple-Keylogger

Simple keylogger written in C# which is ready for modifications.

Language: C#, Stargazers: 12, Issues: 3, Issues: 0

AMSI-Bypass

Rasta Mouse's AMSI patch, but with a function that makes it undetectable.

Language: C#, Stargazers: 12, Issues: 2, Issues: 0

WinREPL

WinREPL is a "read-eval-print loop" shell on Windows that is useful for testing/learning x86 and x64 assembly.

Language: C++, License: Zlib, Stargazers: 11, Issues: 2, Issues: 0

Assembler-MessageBox

x86 assembly code that shows a Windows MessageBox, kept as simple as possible.

Language: Assembly, License: MIT, Stargazers: 10, Issues: 1, Issues: 0

Discord-Webhook-Cannon

Discord Webhook Cannon is a multithreaded, open-source Discord webhook flooder written in C#. It can be used to flood webhooks which are used in malware.

Language: C#, License: GPL-3.0, Stargazers: 8, Issues: 1, Issues: 0

Win_Rootkit

A kernel-mode rootkit with remote control

Language: C++, Stargazers: 3, Issues: 0, Issues: 0

Language: HTML, Stargazers: 1, Issues: 1, Issues: 0

WinXRunPE

Two C# RunPEs capable of x86 and x64 injections

Language: C#, License: MIT, Stargazers: 1, Issues: 1, Issues: 0

Language: HTML, Stargazers: 0, Issues: 1, Issues: 0

Stargazers: 0, Issues: 1, Issues: 0