Pinned Repositories
autochk-rootkit
Reverse engineered source code of the autochk rootkit
doublepulsar-usermode-injector
A utility to use the usermode shellcode from the DOUBLEPULSAR payload to reflectively load an arbitrary DLL into another process, for use in testing detection techniques or other security research.
DreamLoader
Simple 32/64-bit PE loader.
drvtricks
drvtricks kernel driver for Windows 7 SP1 and 8.1 x64 that tricks around in your system.
Harmony
A library for patching, replacing and decorating .NET and Mono methods during runtime
heap-exploitation
This book on heap exploitation is a guide to understanding the internals of glibc's heap and various attacks possible on the heap structure.
HyperBone
Minimalistic VT-x hypervisor with hooks
MemoryPatchDetector
Detects code differentials between executables on disk and the corresponding processes/modules in memory
MProtect
orange_slice
A research kernel and hypervisor attempting to get fully deterministic emulation with minimum performance cost
a10ncoder's Repositories
a10ncoder/24h2-nt-exploit
Exploit targeting NT kernel in 24H2 Windows Insider Preview
a10ncoder/awesome-injection
Centralized resource for listing and organizing known injection techniques and POCs
a10ncoder/BestEdrOfTheMarket
Little AV/EDR bypassing lab for training & learning purposes
a10ncoder/Black-Angel-Rootkit
Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with DSE enabled while maintaining its full functionality.
a10ncoder/EDR-Preloader
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
a10ncoder/EDRaser
a10ncoder/EDRception
A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
a10ncoder/EPI
Threadless Process Injection through entry point hijacking.
a10ncoder/fisherman-rs
A hooking library for Rust
a10ncoder/GoodKit
Rootkit for the blue team. Sophisticated and optimized LKM to detect and prevent malicious activity
a10ncoder/InflativeLoading
Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub
a10ncoder/JonMon
a10ncoder/KBlast
Windows Kernel Offensive Toolset
a10ncoder/Kernel-Process-Hollowing
Windows x64 kernel mode rootkit process hollowing POC.
a10ncoder/llvm-yx-callobfuscator
LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
a10ncoder/LOLSpoof
An interactive shell to spoof some LOLBins' command lines
a10ncoder/Nidhogg_Rootkit
Nidhogg is an all-in-one simple to use rootkit.
a10ncoder/Nimbo-C2
Nimbo-C2 is yet another (simple and lightweight) C2 framework
a10ncoder/PoolParty
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
a10ncoder/PPLBlade
Protected Process Dumper Tool
a10ncoder/PPLSystem
a10ncoder/rootkit-rs
Rusty Rootkit - Windows Kernel Rootkit in Rust (Codename: Eagle)
a10ncoder/rust-shellcode
🤖 windows-rs shellcode loaders 🤖
a10ncoder/rust-simple-vm
a10ncoder/Stardust
A modern 64-bit position independent implant template
a10ncoder/Stinger
CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as Administrator.
a10ncoder/TripleCrossEbpfRootkit
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
a10ncoder/VDR
Vulnerable driver research tool, result and exploit PoCs
a10ncoder/VX-API
Collection of various malicious functionality to aid in malware development
a10ncoder/winafl
A fork of AFL for fuzzing Windows binaries