Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

Rusty Rootkit - Windows Kernel Rookit in Rust (Codename: Eagle)

PoC EFI runtime driver for memory r/w & kdmapper fork

KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory

CVE-2022-3699 with arbitrary kernel code execution capability

driver manual mapper powered by https://github.com/estimated1337/lenovo_exec

Using CVE-2023-21768 to manual map kernel mode driver

Compact MBR Bootkit for Windows

✨ Perfect 4K@240Hz Virtual Display

A patch to hide PVE itself

Read-Only mirror of EDK2 Firmware package for Proxmox VE

Read-Only source code mirror, Proxmox uses mailing list workflow for development.

A patch to hide qemu itself, bypass mhyprot,EAC,nProtect / VMProtect,VProtect, Themida, Enigma Protector,Safegine Shielden

Hide SMBIOS/disk/NIC serials from EFI bootkit

Rusty Bootkit - Windows UEFI Bootkit in Rust (Codename: RedLotus)

Hiding kernel-driver for x86/x64.

A tool to download workshop items for wallpaper engine

LPE exploit for CVE-2023-21768

xigmapper is a driver manual mapper that loads your driver before Vanguard, but after critical system infrastructure has been set up, allowing you to write your bypass without worrying about the in…