Pinned Repositories
autochk-rootkit
Reverse engineered source code of the autochk rootkit
CodeMachineCourse
CVE-2025-21333-POC-driver-exploit
POC exploit for CVE-2025-21333 heap-based buffer overflow. It leverages WNF state data and I/O ring IOP_MC_BUFFER_ENTRY
doublepulsar-usermode-injector
A utility to use the usermode shellcode from the DOUBLEPULSAR payload to reflectively load an arbitrary DLL into another process, for use in testing detection techniques or other security research.
DreamLoader
Simple 32/64-bit PEs loader.
DrvMon
Advanced driver monitoring utility.
drvtricks
drvtricks kernel driver for Windows 7 SP1 and 8.1 x64, that tricks around in your system.
Harmony
A library for patching, replacing and decorating .NET and Mono methods during runtime
heap-exploitation
This book on heap exploitation is a guide to understanding the internals of glibc's heap and various attacks possible on the heap structure.
HyperBone
Minimalistic VT-x hypervisor with hooks
a10ncoder's Repositories
a10ncoder/CVE-2025-21333-POC-driver-exploit
POC exploit for CVE-2025-21333 heap-based buffer overflow. It leverages WNF state data and I/O ring IOP_MC_BUFFER_ENTRY
a10ncoder/24h2-nt-exploit
Exploit targeting NT kernel in 24H2 Windows Insider Preview
a10ncoder/BestEdrOfTheMarket
Little AV/EDR bypassing lab for training & learning purposes
a10ncoder/Black-Angel-Rootkit
Black Angel is a Windows 11/10 x64 kernel mode rootkit. Rootkit can be loaded with enabled DSE while maintaining its full functionality.
a10ncoder/EDR-Preloader
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
a10ncoder/EDRception
A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
a10ncoder/EDRNoiseMaker
Detect WFP filters blocking EDR communications
a10ncoder/EDRPrison
Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry
a10ncoder/EDRSilencer
A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
a10ncoder/EPI
Threadless Process Injection through entry point hijacking.
a10ncoder/GoodKit
Rootkit for the blue team. Sophisticated and optimized LKM to detect and prevent malicious activity
a10ncoder/HookGuard
Hooking Windows' exception dispatcher to protect process's PML4
a10ncoder/InflativeLoading
Dynamically convert a native EXE to PIC shellcode by prepending a shellcode stub
a10ncoder/kernel-callback-removal
kernel callback removal (Bypassing EDR Detections)
a10ncoder/llvm-yx-callobfuscator
LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
a10ncoder/LOLSpoof
An interactive shell to spoof some LOLBins command line
a10ncoder/Nidhogg_Rootkit
Nidhogg is an all-in-one simple to use rootkit.
a10ncoder/PoolParty
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
a10ncoder/PPLSystem
a10ncoder/rootkit-blackpill
A Linux kernel rootkit in Rust using a custom made type-2 hypervisor, eBPF XDP and TC programs
a10ncoder/rust-simple-vm
a10ncoder/Shellcode-Example
Shellcode example
a10ncoder/Stardust
A modern 64-bit position independent implant template
a10ncoder/Stinger
CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as Administrator.
a10ncoder/Testdevel
test
a10ncoder/TripleCrossEbpfRootkit
A Linux eBPF rootkit with a backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
a10ncoder/VDR
Vulnerable driver research tool, result and exploit PoCs
a10ncoder/VX-API
Collection of various malicious functionality to aid in malware development
a10ncoder/vxlang-page
protector & obfuscator & code virtualizer
a10ncoder/winafl
A fork of AFL for fuzzing Windows binaries