Me writing crappy malware and archiving it for future reference.
DISCLAIMER: A lot of this stuff doesn't work, is copied, or is badly written. This is my archive so I can refer to it when I need code snippets.

| Name | Description | Language |
|---|---|---|
| Keylogger | Basic Keylogger | C++ |
| ClipboardStealer | Basic Clipboard Stealer | C++ |
| Nimject | My stupid first syscall packer | Nim |
| Dynamic Resolving Shellcode Runner | Shellcode Runner that resolves functions dynamically, resulting in a PE with an empty IAT | C++ |
| Process Hollowing XOR | ProcessHollowing injector with XOR encrypted Payload | C# |
| Process Hollowing AES | ProcessHollowing injector with AES encrypted Payload | C++ |
| ProcHollowDinvoke | ProcessHollowing injector using DInvoke | C# |
| InvokeAsAdmin | Kindly Ask for Admin Permissions before invoking Shellcode | C# |
| APC-Q_Unhooking | Overwrite hooked ntdll with a fresh copy to avoid EDR hooks and invoke Shellcode via APC-Queuing. | C++ |
| Parallel Syscalls Technique | Read syscall numbers from ntdll for selected syscalls via LdrpThunkSignature and use these syscalls to read a fresh, unhooked ntdll from disk. | C++ |
| PPID Spoofing | Spoof Parent Process ID by using NtCreateUserProcess | C++ |
| Reflective PE Injection | Reflective PE Injection | C++ |
| Shellcode String Encoder | Use strings from a binary to encode shellcode in order to reduce entropy | C++ |
| AmsiPatch | Start a powershell and patch AmsiScanBuffer | C++ |
| ThreadContextInject | Inject shellcode using SetThreadContext | C++ |
| MapViewInjection | Inject code in a remote process using a mapped section view | C++ |
| Hardware Breakpoint Remote Process AMSI Bypass | Hardware Breakpoint AMSI Bypass for a Remote Process. Doesn't work | C++ |
| Reflective DLL Injection | Reimplementing Reflective DLL Injection (WIP) | C++ |