Multipurpose malware framework utilizing vk.com as C2
Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.
A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.
KaynLdr is a Reflective Loader written in C/ASM
A work in progress of constructing a minimal http(s) beacon for Cobalt Strike.
A collaborative, multi-platform, red teaming framework
Hiding the window from screenshots using the function win32kfull::ChangeWindowTreeProtection
Stealthy UM <-> KM communication system without creating any system threads, permanent hooks, driver objects, section objects or device objects.
Threat Emulation and Red Teaming Framework, The Hacking Software for normal people.
A kernel mode Windows rootkit in development.
Timestomping module: overwrite file create/modify times in .NET (no pinvoke)
Using Thread Description To Hide Shellcode
Python / C# Unmanaged PowerShell based RAT
Titan: A crappy Reflective Loader written in C and assembly for Cobalt Strike. Redirects DNS Beacon over DoH
Public variation of Titan Loader
Former Multi-Ring to Kernel to UserMode Transitional Shellcode for Remote Kernel Exploits
You shall pass