Soumyani1

Linux Loadable Kernel Module (LKM) based rootkit (ring-0), capable of hiding itself, processes/implants, rmmod proof, has ability to bypass infamous rkhunter antirootkit.

reveng007

Stealthy Loader-cum-dropper/stage-1/stager targeting Windows10

reveng007

C2 server to connect to a victim machine via reverse shell

reveng007

Our Friendly Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol

reveng007

A Dropper POC with a focus on aiding in EDR evasion, NTDLL Unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via SystemFuc...

reveng007

I have documented all of the AMSI patches that I learned till now

reveng007

Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDl...

reveng007

I will be uploading all the codes which I created with the help either opensource projects or blogs. This is a step by step EDR learning path for me.

reveng007

C# loader capable of running stage-1 from remote url, file path as well as file share

reveng007