Stars
LSASS memory dumper using direct system calls and API unhooking.
repository for kernel exploit practice
a10ncoder / autochk-rootkit
Forked from repnz/autochk-rootkit
Reverse engineered source code of the autochk rootkit
A tool to elevate privilege with Windows Tokens
Configurable instrumentation of LLVM bitcode
A tool to help malware analysts tell whether a sample is injecting code into other processes.
Hook system calls, context switches, page faults and more.
An intentionally vulnerable linux driver for research purposes/practice in kernel exploit dev
A collection of links related to Linux kernel security and exploitation
Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11)
Code for the cross platform, single source, OpenDTrace implementation
Code for diskless loading of ELF Shared Library using Reflective DLL Injection
Technion CS Ransomware Project: Writing Windows Mini-Filter Driver to protect PC from Ransomware
a10ncoder / DreamLoader
Forked from 86hh/DreamLoader
Simple 32/64-bit PE loader.
A C# based memory editing library targeting Windows applications, offering various functions to extract and inject data and codes into remote processes to allow interoperability.
Malware analysis sandbox for Windows 7 with a kernel-mode TCP client
List of Awesome Red Teaming Resources
Detects code differentials between executables in disk and the corresponding processes/modules in memory
Hide your Powershell script in plain sight. Bypass all Powershell security features
Detecting execution of kernel memory that is not backed by any image file
Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-dete…