a10ncoder's repositories
24h2-nt-exploit
Exploit targeting NT kernel in 24H2 Windows Insider Preview
awesome-injection
Centralized resource for listing and organizing known injection techniques and POCs
BestEdrOfTheMarket
Little AV/EDR bypassing lab for training & learning purposes
Black-Angel-Rootkit
Black Angel is a Windows 10/11 x64 kernel-mode rootkit. It can be loaded with DSE (Driver Signature Enforcement) enabled while keeping its full functionality.
EDR-Preloader
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
EDRception
A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
EPI
Threadless Process Injection through entry point hijacking.
fisherman-rs
A hooking library for Rust
GoodKit
Rootkit for the blue team. Sophisticated and optimized LKM to detect and prevent malicious activity
InflativeLoading
Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub
KBlast
Windows Kernel Offensive Toolset
Kernel-Process-Hollowing
Windows x64 kernel mode rootkit process hollowing POC.
llvm-yx-callobfuscator
LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
LOLSpoof
An interactive shell to spoof the command lines of some LOLBins
Nidhogg_Rootkit
Nidhogg is an all-in-one, simple-to-use rootkit.
Nimbo-C2
Nimbo-C2 is yet another (simple and lightweight) C2 framework
PoolParty
A set of fully undetectable process injection techniques abusing Windows thread pools
PPLBlade
Protected Process Dumper Tool
rootkit-rs
Rusty Rootkit - Windows kernel rootkit in Rust (Codename: Eagle)
rust-shellcode
🤖 windows-rs shellcode loaders 🤖
Stardust
A modern 64-bit position independent implant template
Stinger
CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as Administrator.
TripleCrossEbpfRootkit
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
VDR
Vulnerable driver research tool, results and exploit PoCs
VX-API
Collection of various malicious functionality to aid in malware development
winafl
A fork of AFL for fuzzing Windows binaries