Two new offensive techniques using Windows Fibers: PoisonFiber (the first remote enumeration and Fiber injection capability PoC tool) and PhantomThread (an evolved callstack-masking implementation)
32-bit PoC for CVE-2024-6387 — mirror of the original 7etsuo/cve-2024-6387-poc
Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)
A technique that can be used to bypass AV/EDR memory scanners. This can be used to hide well-known and detected shellcodes (such as msfvenom) by performing on-the-fly decryption of individual encry…
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
Google Calendar RAT is a PoC of Command&Control over Google Calendar Events
A dynamically loadable virtual-machine based rootkit designed for Linux Kernel v5.13.0 using AMD-V (SVM).
Situational Awareness commands implemented using Beacon Object Files
Rusty Hypervisor - Windows Kernel Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix)
Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)
Encrypting the heap while sleeping by hooking Sleep and replacing it with our own sleep routine that encrypts the heap
Black Angel is a Windows 11/10 x64 kernel mode rootkit. The rootkit can be loaded with DSE enabled while maintaining its full functionality.
Using CVE-2023-21768 to manually map a kernel-mode driver
baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability
The materials of "Hypervisor 101 in Rust", a one-day long course, to quickly learn hardware-assisted virtualization technology and its application for high-performance fuzzing on Intel/AMD processors.
CVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM
Cloudflare, Sucuri, Incapsula real IP tracker.
A simple ptrace-less shared library injector for x64 Linux
A collection of tools, source code, and papers researching Windows' implementation of CET.
A Raspberry Pi 4 Based Camera Triggerbot