Pinned Repositories
autochk-rootkit
Reverse engineered source code of the autochk rootkit
CodeMachineCourse
doublepulsar-usermode-injector
A utility to use the usermode shellcode from the DOUBLEPULSAR payload to reflectively load an arbitrary DLL into another process, for use in testing detection techniques or other security research.
DreamLoader
Simple 32/64-bit PE loader.
drvtricks
drvtricks kernel driver for Windows 7 SP1 and 8.1 x64, that tricks around in your system.
Harmony
A library for patching, replacing and decorating .NET and Mono methods during runtime
heap-exploitation
This book on heap exploitation is a guide to understanding the internals of glibc's heap and various attacks possible on the heap structure.
HyperBone
Minimalistic VT-x hypervisor with hooks
MemoryPatchDetector
Detects code differentials between executables in disk and the corresponding processes/modules in memory
MProtect
a10ncoder's Repositories
a10ncoder/AceLdr
Cobalt Strike UDRL for memory scanner evasion.
a10ncoder/books
a10ncoder/CallMeWin32kDriver
Load your driver like win32k.sys
a10ncoder/com_inject
a10ncoder/cppbestpractices
Collaborative Collection of C++ Best Practices. This online resource is part of Jason Turner's collection of C++ Best Practices resources. See README.md for more information.
a10ncoder/Cronos-Rootkit
Cronos is a Windows 10/11 x64 ring 0 rootkit. Cronos is able to hide processes, and to protect and elevate them with token manipulation.
a10ncoder/CWUtils
A set of standalone APIs for developers to speed up their programming
a10ncoder/DetectWindowsCopyOnWriteForAPI
Enumerate various traits from Windows processes as an aid to threat hunting
a10ncoder/DrvMon
Advanced driver monitoring utility.
a10ncoder/EDRSandblast
a10ncoder/elam
A Practical example of ELAM (Early Launch Anti-Malware)
a10ncoder/EntropyReducer
Reduce Entropy And Obfuscate Your Payload With Serialized Linked Lists
a10ncoder/EtwTi-Syscall-Hook
A simple program to hook the current process to identify manual syscall executions on Windows
a10ncoder/Hypervisor-From-Scratch
Source code of a multi-part series of tutorials about the hypervisor. Available at: https://rayanfam.com/tutorials
a10ncoder/MalwareApiLibrary
Collection of APIs used in malware development
a10ncoder/MS-Ransomware
All credits to wannacry :)
a10ncoder/nullmap
Using CVE-2023-21768 to manually map a kernel-mode driver
a10ncoder/Offensive-Rust
a10ncoder/offensive_stuff
miscellaneous scripts and programs
a10ncoder/PowerShell-BlueTeam
PowerShell for Blue Team
a10ncoder/Proxy-DLL-Loads
The code is a pingback to the Dark Vortex blog:
a10ncoder/r77-rootkit
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
a10ncoder/RCLocals
Linux startup analyzer
a10ncoder/rootkit-rs
Rusty Rootkit - Windows Kernel Rootkit in Rust (Codename: Eagle)
a10ncoder/Rubeus
Trying to tame the three-headed dog.
a10ncoder/SharpSelfDelete
C# implementation of the research by @jonaslyk and the drafted PoC from @LloydLabs
a10ncoder/SideLoadingDLL
a10ncoder/SysmonSimulator
Sysmon event simulation utility which can be used to simulate attacks in order to generate Sysmon event logs for testing EDR detections and correlation rules by Blue teams.
a10ncoder/TamperingSyscalls
a10ncoder/windows-ps-callbacks-experiments
Files for http://deniable.org/windows/windows-callbacks