Category: Malware Offense

Windows rootkit

Sunder: Windows rootkit designed to work with BYOVD exploits

Sunder is a Windows rootkit modeled after Lazarus Group’s FudModule rootkit. Reference this version of Sunder for an example of the appid.sys driver exploit, which was utilized by Lazarus Group’s FudModule rootkit. Sunder’s vulnerable driver in this GitHub repository...

Threadless Module Stomping

NovaLdr: Threadless Module Stomping In Rust

NovaLdr is a Threadless Module Stomping loader written in Rust, designed as a learning project while exploring the world of malware development. It uses advanced techniques like indirect syscalls and string encryption to achieve...

shellcode loader

Ghost: Evasive shellcode loader

Ghost is a shellcode loader project designed to bypass multiple detection capabilities that are usually implemented by an EDR. Detection 1 – kernel callbacks: kernel callbacks are implemented by an EDR to harness...

Windows Defender exclusions

SharpExclusionFinder: finds Windows Defender folder exclusions

SharpExclusionFinder is a C# program that finds Windows Defender folder exclusions using Windows Defender’s own command-line tool (MpCmdRun.exe). The program processes directories recursively, with configurable depth and thread usage, and outputs information about exclusions and scan progress....