Iceman Fork - Proxmark3

Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.

PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

TrevorC2 is a legitimate website (browsable) that tunnels client/server communications for covert command execution.

Driver loader for bypassing Windows x64 Driver Signature Enforcement

⚠️ malware development

Executes PowerShell from an unmanaged process

Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind

Kernel-Mode Driver that loads a dll into every new created process that loads kernel32.dll module

Combination of all my Resources, Links & Scripts

Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.

Process Injection using Thread Name

An easily modifiable shellcode template for Windows x64 written in C

Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction within NTDLL.

Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver

Bypass LSA protection using the BYODLL technique

lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows.

BSides Prishtina 2024 Malware Development and Persistence workshop

BOF for C2 framework

Using LNK files and user input simulation to start processes under explorer.exe

BadExclusions is a tool to identify folder custom or undocumented exclusions on AV/EDR

I have been learning C for a couple of months and now I have started learning malware development for fun. I'll share the things I code in this repository.