Pinned Repositories
Atom_bombing
Commented version of Atom_bombing injection technique. Original source code from https://blog.ensilo.com/atombombing-brand-new-code-injection-for-windows
Carberp
Carberp Banking Trojan
CreateProcess
A simple C++ app to demo the use of CreateProcess(), WaitForSingleObject() and Windows handles.
DanSpecial
Weaponizing the Gigabyte driver for privilege escalation and PPL bypass
DrvMon
Advanced driver monitoring utility.
FileTest
Source code for File Test - Interactive File System Test Tool
malware-source-nanomites
NtCreateUserProcess_
peta909's Repositories
peta909/DrvMon
Advanced driver monitoring utility.
peta909/VB2024_MCE_WorkShop
Materials required for VB2024 MCE Workshop
peta909/vxlang-page
protector & obfuscator & code virtualizer
peta909/BlackLotus
BlackLotus UEFI Windows Bootkit
peta909/config_extractors
Configuration extractors/decryptors for various Windows malware families.
peta909/Configuration_extractors
Configuration Extractors for Malware
peta909/d810
peta909/dnlib
Reads and writes .NET assemblies and modules
peta909/donut-decryptor
Retrieve inner payloads from Donut samples
peta909/finspy_devirtualizer
peta909/FullBypass
A tool which bypasses AMSI (Antimalware Scan Interface) and PowerShell CLM (Constrained Language Mode) and gives you a FullLanguage PowerShell reverse shell. Feel free to modify and DM if you find some bugs :)
peta909/GootUnloader
GootUnloader — Unpack GootLoader with Frida
peta909/ipyida
IPython console integration for IDA Pro
peta909/KDU
Kernel Driver Utility
peta909/Kernel_Driver_writing_Tutorial
Recon 2023 slides and code
peta909/MalwareAnalysisReports
Reports in .MD format
peta909/Nidhogg
Nidhogg is an all-in-one simple to use rootkit for red teams.
peta909/obfus.h
Macro-header for compile-time C obfuscation (tcc, win x86/x64)
peta909/Parasite-Invoke
Hide your P/Invoke signatures through other people's signed assemblies
peta909/PoolParty
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
peta909/python-xdis
Python cross-version bytecode library and disassembler
peta909/Quasar
Remote Administration Tool for Windows
peta909/Rapid7-Labs
Rapid7 Labs operates as the division of Rapid7 focused on threat research. It is renowned for providing comprehensive threat intelligence, research and analytics.
peta909/rat_king_parser
A robust, multiprocessing-capable, multi-family RAT config parser/config extractor for AsyncRAT, DcRAT, VenomRAT, QuasarRAT, and cloned/derivative RAT families.
peta909/RATDecoders
Python Decoders for Common Remote Access Trojans
peta909/rust-re-tour
A tour of what some Rust language features look like after compilation.
peta909/sharem
SHAREM is a shellcode analysis framework, capable of emulating more than 12,000 WinAPIs and virtually all Windows syscalls. It also contains its own custom disassembler, with many innovative features, such as being able to show the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.
peta909/TCSA
peta909/VMProtect-Source
Source of VMProtect (NOT OFFICIALLY)
peta909/WubbabooMark
Debugger Anti-Detection Benchmark