Fileless attack with persistence

Obfuscate specific windows apis with different apis

Using Driver Global Injection dll, it can hide DLL modules

使用MFC编写的病毒技术合集

/dev/null 📛

Post-exploitation tool for hiding processes from monitoring applications

A tool mainly to erase specified records from Windows event logs, with additional functionalities.

[Matias Rootkit] The tiny programs and scripts that don't deserve a project, but I still want to share.

MasterHide x64 Rootkit

（驱动内存加载）KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory

内核级别隐藏指定窗口

内核驱动加载/卸载痕迹清理,努力绕过反作弊吧 PiDDBCacheTable and MmLastUnloadedDriver

Great explanation of Process Hollowing (a Technique often used in Malware)

Low Level Network Monitor - Proof of Concept application, which detects hidden TCP network communication produced by rootkit Pitou.

Nidhogg is an all-in-one simple to use rootkit for red teams.

A little code to crack some hashes found in the HackAV Rootkit

Rootkit for Windows 32-bit

Expanding Kernel Lazy Importer

2022 Updated Kernelmode-Code

💻 Windows 10 Kernel-mode rootkit