NUL0x4C

Windows MalDev Enthusiasts | Seeking Knowledge | co-founder of maldevacademy.com

Lebanon

Pinned Repositories

APCLdr
Payload Loader With Evasion Features
Language:C301 4 252
AtomLdr
A DLL loader with advanced evasive features
Language:C610 9 585
AtomPePacker
A Highly capable Pe Packer
Language:C669 20 14112
DeleteShadowCopies
Deleting Shadow Copies In Pure C++
Language:C++113 3 024
EtwSessionHijacking
A Poc on blocking Procmon from monitoring network events
Language:C++100 4 013
GP
using the gpu to hide your payload
Language:C42 2 010
HellShell
transform your payload into ipv4/ipv6/mac arrays
Language:C115 4 018
KnownDllUnhook
Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs
Language:C282 6 037
NoRunPI
Run Your Payload Without Running Your Payload
Language:C177 5 029
TerraLdr
A Payload Loader Designed With Advanced Evasion Features
Language:C495 11 483

NUL0x4C's Repositories

NUL0x4C/AtomPePacker
A Highly capable Pe Packer
Language:C669 20 14112
NUL0x4C/AtomLdr
A DLL loader with advanced evasive features
Language:C610 9 585
NUL0x4C/TerraLdr
A Payload Loader Designed With Advanced Evasion Features
Language:C495 11 483
NUL0x4C/APCLdr
Payload Loader With Evasion Features
Language:C301 4 252
NUL0x4C/KnownDllUnhook
Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs
Language:C282 6 037
NUL0x4C/NoRunPI
Run Your Payload Without Running Your Payload
Language:C177 5 029
NUL0x4C/HellShell
transform your payload into ipv4/ipv6/mac arrays
Language:C115 4 018
NUL0x4C/DeleteShadowCopies
Deleting Shadow Copies In Pure C++
Language:C++113 3 024
NUL0x4C/EtwSessionHijacking
A Poc on blocking Procmon from monitoring network events
Language:C++100 4 013
NUL0x4C/Syscallslib
a library that automates some clean syscalls to make it easier to implement
Language:C83 2 022
NUL0x4C/Ultra
A Small Poc On An Encryption/Decryption Algorithm Used As A File Locker
Language:C57 3 011
NUL0x4C/ManualRsrcDataFetching
Get your data from the resource section manually, with no need for windows apis
Language:C52 3 016
NUL0x4C/GP
using the gpu to hide your payload
Language:C42 2 010
NUL0x4C/T.D.P.
Using Thread Description To Hide Shellcodes
Language:C++14 3 08
NUL0x4C/KctHijackLib
using the kct to run your shellcode the apt style
Language:C13 2 05
NUL0x4C/RecycleBinPersistence
using the Recycle Bin to insure persistence
Language:C12 2 06
NUL0x4C/PerunsFart
replace and unhook ntdll from a suspended process
Language:C8 2 03
NUL0x4C/AsmLogger
asm keylogger that handles special characters and writes to a file
Language:Assembly7 2 05
NUL0x4C/ToasterLoader
just a stupid way to run a payload
Language:C++7 2 06
NUL0x4C/EDRs
Language:C3 0 03
NUL0x4C/process_doppelganging
My implementation of enSilo's Process Doppelganging (PE injection technique)
Language:C3 0 01
NUL0x4C/FOLIAGE
Public variation of FOLIAGE ( original developer )
Language:C2 0 0
NUL0x4C/process_ghosting
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
Language:C2 0 02
NUL0x4C/Ekko
Sleep Obfuscation
Language:C1 0 01
NUL0x4C/herpaderping
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
Language:C++1 0 02
NUL0x4C/NUL0x4C
1 1 0
NUL0x4C/openbsd
Source code pulled from OpenBSD for LibreSSL - this includes most of the library and supporting code. The place to contribute to this code is via the OpenBSD CVS tree. Please mail patches to tech@openbsd.org, instead of submitting pull requests, since this tree is often rebased.
Language:C1 0 01
NUL0x4C/transacted_hollowing
Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
Language:C1 0 02
NUL0x4C/KaynLdr
KaynLdr is a Reflective Loader written in C/ASM
Language:C0 01
NUL0x4C/VX-API
Collection of various malicious functionality to aid in malware development
Language:C++0 05