assorted malware techniques.
no payloads are malicious.

directory | language | technique |
---|---|---|
hells-gate | Rust | Rust implementation of the Hell's Gate dynamic syscall invocation technique. |
api-hooking | Rust | Windows API function hooking with a simple shellcode trampoline. |
custom-api-functions | Rust | Dynamically resolves (?) Windows API function addresses from the Process Environment Block (PEB). |
debug-detection | Rust | A handful of methods to detect debuggers. |
fn-stomping | Rust | Re-writes the bytes of a benign API function in the context of a local process. |
stager-registry | Rust | Writes a payload to the Windows registry and executes it. |