a10ncoder's repositories
24h2-nt-exploit
Exploit targeting NT kernel in 24H2 Windows Insider Preview
awesome-injection
Centralized resource for listing and organizing known injection techniques and POCs
BestEdrOfTheMarket
Little AV/EDR bypassing lab for training & learning purposes
EDRception
A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
EntropyReducer
Reduce entropy and obfuscate your payload with serialized linked lists
EPI
Threadless Process Injection through entry point hijacking.
fisherman-rs
A hooking library for Rust
GoodKit
Rootkit for the blue team. Sophisticated and optimized LKM to detect and prevent malicious activity
InflativeLoading
Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub
KBlast
Windows Kernel Offensive Toolset
Kernel-Process-Hollowing
Windows x64 kernel mode rootkit process hollowing POC.
llvm-yx-callobfuscator
LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
LOLSpoof
An interactive shell to spoof the command lines of some LOLBins
MS-Ransomware
All credits to wannacry :)
Nidhogg_Rootkit
Nidhogg is an all-in-one, simple-to-use rootkit.
Nimbo-C2
Nimbo-C2 is yet another (simple and lightweight) C2 framework
nullmap
Using CVE-2023-21768 to manual map kernel mode driver
PoolParty
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
PPLBlade
Protected Process Dumper Tool
rootkit-rs
Rusty Rootkit - Windows kernel rootkit in Rust (Codename: Eagle)
Rubeus
Trying to tame the three-headed dog.
rust-shellcode
🤖 windows-rs shellcode loaders 🤖
Stardust
A modern 64-bit position independent implant template
Stinger
CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as Administrator.
TripleCrossEbpfRootkit
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
VDR
Vulnerable driver research tool, result and exploit PoCs
winafl
A fork of AFL for fuzzing Windows binaries