a10ncoder's repositories
CheekyBlinder
Enumerating and removing kernel callbacks using signed vulnerable drivers
CobaltStrike
CobaltStrike's source code
Cpp-High-Performance-Second-Edition
C++ High Performance Second Edition, published by Packt
DoublePulsarPayload
C++ implementation of DOUBLEPULSAR usermode shellcode. Yet another Reflective DLL loader.
herpaderping
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
In-memory-Attack
In-memory Attack
KasperskyHook
Hook system calls on Windows by using Kaspersky's hypervisor
Kernel-Bridge
Windows kernel hacking framework, driver template, hypervisor and API written on C++
kernel-codecave-poc
Proof of concept on how to bypass some limitations of a manual mapped driver
Mapping-Injection
Just another Windows Process Injection
MemoryRanger
MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. MemoryRanger has been presented at the BlackHat, HITB, CDFSL.
openedr
Open EDR public repository
PIC-Get-Privileges
Building and Executing Position Independent Shellcode from Object Files in Memory
PPLKiller
Protected Processes Light Killer
ProcMonXv2
Process Monitor X v2
rust-windows-shellcode
Windows shellcode development in Rust
SassyKitdi
Kernel Mode TCP Sockets + LSASS Dump (Rust Shellcode)
SimpleSvmHook
SimpleSvmHook is a research purpose hypervisor for Windows on AMD processors.
spectre
A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.
syscall-detect
PoC capable of detecting manual syscalls from usermode.
TelemetrySourcerer
Enumerate and disable common sources of telemetry used by AV/EDR.