ESTIN
- Khenchela, Algeria
- in/abd-el-ghafour-roumi-94633b212
-
XMrig-MinerMon Public
A lightweight Python monitor for collecting system and XMRig mining metrics (for academic research use only)
-
XMrig_CryptoMining_Manager Public
XMRig CryptoMining Manager is a lightweight Windows console application written in C that automatically launches, monitors, and manages an XMRig mining process. It uses the Windows API and WinHTTP …
-
GpuAbuser-Malware Public
Research in progress: A malware that abuses the GPU to accelerate the decryption process.
-
Maldev_Evasion_prevails Public
This is the repo of the Malware Development Workshop that I hosted with Nexus Security Club; it contains the modules and also the slides. If you are a beginner in MalDev you can check the content to learn…
-
MalwareEvasionTechniques Public
Research project showcasing various malware evasion techniques used to bypass AVs and EDRs, continuously updated with new methods.
-
Api_Hashing Public
Implements dynamic Windows API resolution via name hashing: only hash constants are embedded, so the API names never appear in the binary's import table or strings. Mapped to MITRE ATT&CK T1027.007 (Obfuscated Files or Information: Dynamic API Resolution).
-
Custom-GetModuleHandle Public
A custom implementation of GetModuleHandle, often used in malware to evade detection by bypassing standard API resolution methods
-
PE_Inspector Public
A powerful PE file inspector for analyzing Portable Executable binaries, providing detailed insights into their structure, headers, and properties
-
Hasherama Public
A Windows string hashing toolkit for security research and malware analysis. Research implementation of malware-focused algorithms from the VX Underground collection. For educational and research purpos…
-
Custom-GetProcAddress Public
A custom implementation of GetProcAddress, often used in malware to evade detection by bypassing standard API resolution methods
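The API_Hashing and Custom-GetProcAddress repos above are two halves of one mechanism: hash every name in a module's export directory and follow the name index through the ordinal table to the function RVA, so no API name string and no import-table entry is needed. The following is an added example written for this page, not code from either repo. The struct mirrors the field order of IMAGE_EXPORT_DIRECTORY from winnt.h; the module image, its section offsets and the three exports are constructed here so the walk runs on any OS. On Windows the same walk would be applied to a real module base located via the PEB loader list.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same field order and widths as IMAGE_EXPORT_DIRECTORY in winnt.h, so the
 * walk below is the one a custom GetProcAddress performs on a real loaded
 * module. Every value is an RVA (offset from the image base). */
typedef struct {
    uint32_t Characteristics;
    uint32_t TimeDateStamp;
    uint16_t MajorVersion;
    uint16_t MinorVersion;
    uint32_t Name;
    uint32_t Base;
    uint32_t NumberOfFunctions;
    uint32_t NumberOfNames;
    uint32_t AddressOfFunctions;    /* uint32_t[NumberOfFunctions]: RVA of each export */
    uint32_t AddressOfNames;        /* uint32_t[NumberOfNames]: RVA of each name string */
    uint32_t AddressOfNameOrdinals; /* uint16_t[NumberOfNames]: index into AddressOfFunctions */
} export_dir_t;

/* Layout of the constructed module image (assumed offsets, not a real DLL). */
#define IMAGE_SIZE     0x1000
#define EXPORT_DIR_RVA 0x100
#define FUNCS_RVA      0x200
#define NAMES_RVA      0x300
#define ORDS_RVA       0x400
#define STRINGS_RVA    0x500
#define CODE_RVA       0x800

static uint8_t g_image[IMAGE_SIZE];

/* ROR13 name hash: rotate the accumulator right by 13 bits, add the next byte.
 * Only the resulting constants ship in the binary, never the API names. */
uint32_t ror13_hash(const char *s) {
    uint32_t h = 0;
    for (; *s; s++) {
        h = (h >> 13) | (h << 19);
        h += (uint8_t)*s;
    }
    return h;
}

/* Constructed sample export table. Names are sorted as the PE spec requires;
 * ordinals are deliberately not in name order so the indirection is exercised. */
static const char    *k_names[]    = { "CreateThread", "LoadLibraryA", "VirtualAlloc" };
static const uint16_t k_ordinals[] = { 2, 0, 1 };
static const uint32_t k_funcs[]    = { CODE_RVA + 0x00, CODE_RVA + 0x10, CODE_RVA + 0x20 };
#define NUM_EXPORTS 3

/* Build the fake module in g_image and return its base. */
uint8_t *build_fake_module(void) {
    export_dir_t ed = {0};
    uint32_t str_rva = STRINGS_RVA;
    memset(g_image, 0, sizeof g_image);
    ed.NumberOfFunctions     = NUM_EXPORTS;
    ed.NumberOfNames         = NUM_EXPORTS;
    ed.AddressOfFunctions    = FUNCS_RVA;
    ed.AddressOfNames        = NAMES_RVA;
    ed.AddressOfNameOrdinals = ORDS_RVA;
    memcpy(g_image + EXPORT_DIR_RVA, &ed, sizeof ed);
    for (uint32_t i = 0; i < NUM_EXPORTS; i++) {
        memcpy(g_image + FUNCS_RVA + 4 * i, &k_funcs[i], 4);
        memcpy(g_image + ORDS_RVA  + 2 * i, &k_ordinals[i], 2);
        memcpy(g_image + NAMES_RVA + 4 * i, &str_rva, 4);
        strcpy((char *)g_image + str_rva, k_names[i]);
        str_rva += (uint32_t)strlen(k_names[i]) + 1;
    }
    return g_image;
}

/* The custom-GetProcAddress walk: hash each exported name and, on a match,
 * follow name index -> ordinal -> function RVA. Returns 0 when nothing
 * matches or the table is inconsistent. memcpy avoids unaligned reads. */
uint32_t resolve_by_hash(const uint8_t *image, uint32_t export_dir_rva, uint32_t want) {
    export_dir_t ed;
    memcpy(&ed, image + export_dir_rva, sizeof ed);
    for (uint32_t i = 0; i < ed.NumberOfNames; i++) {
        uint32_t name_rva, func_rva;
        uint16_t ord;
        memcpy(&name_rva, image + ed.AddressOfNames + 4 * i, 4);
        if (ror13_hash((const char *)image + name_rva) != want)
            continue;
        memcpy(&ord, image + ed.AddressOfNameOrdinals + 2 * i, 2);
        if (ord >= ed.NumberOfFunctions)
            return 0;               /* corrupt or hostile table: bail out */
        memcpy(&func_rva, image + ed.AddressOfFunctions + 4 * ord, 4);
        return func_rva;            /* on a real module: image base + RVA */
    }
    return 0;
}

int main(void) {
    const uint8_t *mod = build_fake_module();
    const char *probe[] = { "VirtualAlloc", "LoadLibraryA", "CreateThread", "NtQueryInformationProcess" };
    for (int i = 0; i < 4; i++) {
        uint32_t h = ror13_hash(probe[i]);
        printf("%-26s hash=0x%08x rva=0x%03x\n", probe[i], (unsigned)h,
               (unsigned)resolve_by_hash(mod, EXPORT_DIR_RVA, h));
    }
    return 0;
}
```

Two caveats a practitioner should carry over to a real module: an export whose RVA falls inside the export directory itself is a forwarder string ("OTHERDLL.Func"), not code, and must be resolved again in the named module; and because the name strings are gone, a collision or a typo in a precomputed hash fails silently, so precompute the constants with the same function (the loop above is the ROR13 that Metasploit's block_api uses) and check for a 0 result before calling through the pointer. From the defender's side, the same walk is a detection artifact: export-directory reads from non-loader code and known hash constants are what EDR rules and YARA signatures key on.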
-
Function Stomping (MITRE ATT&CK T1055, Process Injection): an injection technique that overwrites the body of a legitimate, already-loaded function with a custom payload so that no new executable region is allocated. Research and educational purposes only
-
Malware evasion technique that rewrites the process command-line arguments after startup to hide the actually executed payload from manual inspection in Process Hacker and Process Explorer. MITRE ATT&CK I…
-
Malware evasion technique that rewrites the process command-line arguments after startup to hide the actually executed payload, commonly used to evade Windows monitoring tools that read the command line from the PEB. MITRE ATT&CK ID: T1564.010 (Hide Artifacts: Process Argument Spoofing)
-
Parent-PID-Spoofing Public
This repo contains an implementation of the Parent PID spoofing evasion technique, MITRE ATT&CK T1134.004 (Access Token Manipulation: Parent PID Spoofing)
-
Payload_Execution_Control Public
A repository showcasing payload execution control using mutexes, semaphores, and events in Windows, for educational purposes.
-
JustCry Public
This is a challenge made for NexTrace CTF, Malware Analysis case
12 Updated Oct 21, 2024
-
Mapping_Injector Public
This repo contains two techniques: local mapping injection and remote mapping injection, MITRE ATT&CK T1055 (Process Injection)
-
Early_Bird_APC_Injection Public
Code injection via Asynchronous Procedure Calls to bypass Windows defenses. Mapped to MITRE ATT&CK T1055.004 (Process Injection: Asynchronous Procedure Call).
-
nexos Public
Forked from nexolinux/nexos
nexos source files made by @samdem-ai
-
RemoteThreadHijacking Public
This is a malware sample in which I used remote thread hijacking
-
RegistryStagingMalware Public
This malware is an application of the MalwareEvasionTechniques repo. It uses registry staging in two modes (read and write), combined with the remote scanner
-
WebStagingMalware Public
This is an application for both MalwareScanner and MalwareStaging
-
Remote_Process_Injection Public
This is a malware sample that uses the remote process injection technique: it scans running processes, chooses the one you named, and injects shellcode into it
-
NTAPI Anti-Debugging Checker and Patcher is a Windows-based tool designed for research purposes, demonstrating how to detect and manipulate anti-debugging techniques in running processes using NTAP…