Proof of concept for pwnkit vulnerability

A shellcode function to encrypt a running process image when sleeping.

An improvement of the original reflective DLL injection technique by Stephen Fewer of Harmony Security

baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability

The world's worst kernel module

WMI virus, because funny

Cobalt Strike BOF for evasive .NET assembly execution

Gain observability into any Linux command or application with no code modification

Insecure Programming by Example - Teach yourself how buffer overflows, format strings, numeric bugs, and other binary security bugs work and how to exploit them

Bypass UAC at any level by abusing the Program Compatibility Assistant with RPC, WDI, and more Windows components

Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypass infamous rkhunter antirootkit.

This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.

BPFDoor Source Code. Originally found from Chinese Threat Actor Red Menshen

Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.

PoC for CVE-2021-28476 a guest-to-host "Hyper-V Remote Code Execution Vulnerability" in vmswitch.sys.

Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows

Windows USB Driver for Sony DualShock 3 Controllers

Hiding shellcode in plain sight within a large memory region. Inspired by technique used by Raspberry Robin's Roshtyak

Stand-alone VNC server compiled as a Reflective DLL

Windows XP 32-Bit Bootkit

DLL Password Filter Implant with Exfiltration Capabilities

LD_PRELOAD rootkit

Get your data from the resource section manually, with no need for windows apis

In line function hooking LKM rootkit

TCP over HTTP

Run commands on linux through those pesky firewalls

NGINX module to allow for RCE through a specific header