NUL0x4C

Windows MalDev Enthusiasts | Seeking Knowledge | co-founder of maldevacademy.com

Lebanon

Pinned Repositories

APCLdr
Payload Loader With Evasion Features
Language:C313 5 254
AtomLdr
A DLL loader with advanced evasive features
Language:C684 10 591
AtomPePacker
A Highly capable Pe Packer
Language:C689 21 15118
DeleteShadowCopies
Deleting Shadow Copies In Pure C++
Language:C++114 4 023
EtwSessionHijacking
A Poc on blocking Procmon from monitoring network events
Language:C++100 5 012
GP
using the gpu to hide your payload
Language:C53 3 09
HellShell
transform your payload into ipv4/ipv6/mac arrays
Language:C162 5 026
KnownDllUnhook
Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs
Language:C289 7 039
NoRunPI
Run Your Payload Without Running Your Payload
Language:C179 6 029
TerraLdr
A Payload Loader Designed With Advanced Evasion Features
Language:C506 12 482

NUL0x4C's Repositories

NUL0x4C/AtomPePacker
A Highly capable Pe Packer
Language:C689 21 15118
NUL0x4C/AtomLdr
A DLL loader with advanced evasive features
Language:C684 10 591
NUL0x4C/TerraLdr
A Payload Loader Designed With Advanced Evasion Features
Language:C506 12 482
NUL0x4C/APCLdr
Payload Loader With Evasion Features
Language:C313 5 254
NUL0x4C/KnownDllUnhook
Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs
Language:C289 7 039
NUL0x4C/NoRunPI
Run Your Payload Without Running Your Payload
Language:C179 6 029
NUL0x4C/HellShell
transform your payload into ipv4/ipv6/mac arrays
Language:C162 5 026
NUL0x4C/DeleteShadowCopies
Deleting Shadow Copies In Pure C++
Language:C++114 4 023
NUL0x4C/EtwSessionHijacking
A Poc on blocking Procmon from monitoring network events
Language:C++100 5 012
NUL0x4C/Syscallslib
a library that automates some clean syscalls to make it easier to implement
Language:C84 3 022
NUL0x4C/FetchPayloadFromDummyFile
Construct the payload at runtime using an array of offsets
Language:C60 2 08
NUL0x4C/ManualRsrcDataFetching
Get your data from the resource section manually, with no need for windows apis
Language:C56 3 016
NUL0x4C/GP
using the gpu to hide your payload
Language:C53 3 09
NUL0x4C/T.D.P.
Using Thread Description To Hide Shellcodes
Language:C++14 3 08
NUL0x4C/KctHijackLib
using the kct to run your shellcode the apt style
Language:C13 3 05
NUL0x4C/RecycleBinPersistence
using the Recycle Bin to insure persistence
Language:C12 2 06
NUL0x4C/PerunsFart
replace and unhook ntdll from a suspended process
Language:C8 3 02
NUL0x4C/AsmLogger
asm keylogger that handles special characters and writes to a file
Language:Assembly7 2 02
NUL0x4C/ToasterLoader
just a stupid way to run a payload
Language:C++7 3 06
NUL0x4C/EDRs
Language:C5 0 03
NUL0x4C/FOLIAGE
Public variation of FOLIAGE ( original developer )
Language:C3 1 01
NUL0x4C/process_doppelganging
My implementation of enSilo's Process Doppelganging (PE injection technique)
Language:C3 0 01
NUL0x4C/Ekko
Sleep Obfuscation
Language:C2 0 02
NUL0x4C/herpaderping
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
Language:C++1 0 02
NUL0x4C/NUL0x4C
1 1 0
NUL0x4C/openbsd
Source code pulled from OpenBSD for LibreSSL - this includes most of the library and supporting code. The place to contribute to this code is via the OpenBSD CVS tree. Please mail patches to tech@openbsd.org, instead of submitting pull requests, since this tree is often rebased.
Language:C1 0 01
NUL0x4C/process_ghosting
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
Language:C1 0 02
NUL0x4C/transacted_hollowing
Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
Language:C1 0 02
NUL0x4C/KaynLdr
KaynLdr is a Reflective Loader written in C/ASM
Language:C0 01
NUL0x4C/VX-API
Collection of various malicious functionality to aid in malware development
Language:C++0 05