Repositories list

• Process-Code-Injection-Techniques-Cheatsheet

  Public
  A concise cheatsheet covering key process code injection techniques for red teaming and malware development.

  malware-researchmalware-developmentinjection-attacks+ 6red-teamingprocess-injectionthread-hijackingntapi-injectionprocess-hallowingearly-apc-injection

  C

  •0•0•0•0•Updated Jun 4, 2025Jun 4, 2025

• Code-Execution-via-Callbacks-CheatSheet

  Public
  This repository contains a practical cheat sheet demonstrating various callback-based techniques to execute shellcode on Windows, with detection insights and code samples.

  shellcodemalware-analysisredteaming+ 1injection-attacks

  C

  •0•0•0•0•Updated Jun 2, 2025Jun 2, 2025

• Executing-Code-via-EnumDesktopsW-Callback

  Public
  This repository demonstrates how to execute shellcode on a Windows machine using the `EnumDesktopsW` callback mechanism. It leverages memory allocation, shellcode injection, and callback execution for proof-of-concept.

  windowsmalwarecodeinjection+ 1redteam

  C

  •0•0•0•0•Updated Jun 2, 2025Jun 2, 2025

• Multi-Platform-Malware

  Public
  Cross-architecture malware designed to run seamlessly on both 32-bit and 64-bit Windows systems, featuring dynamic shellcode execution and reverse shell capabilities.

  multi-platformx64malware-research+ 4malware-developmentred-teamx32shellcode-injection

  C++

  •0•0•0•0•Updated Jun 2, 2025Jun 2, 2025

• Process-Hollowing

  Public
  Process Hollowing is a stealthy injection method that runs malicious code inside a legitimate process.

  malware-researchmalware-developmentred-team+ 2process-hollowingprocess-injection

  C++

  •0•0•0•0•Updated Jun 2, 2025Jun 2, 2025

• asynchronous-code-injection

  Public
  A deep dive into asynchronous code injection using APC techniques. Includes code samples, step-by-step explanations, and real-world POCs.

  malwarecodeinjectionredteaming+ 1injection-attacks

  C

  •0•1•0•0•Updated May 27, 2025May 27, 2025

• Bypass-Windows-Defender-Static-Detection

  Public
  This repository demonstrates basic static detection evasion techniques for Windows Defender. It includes code to inject an XOR-encrypted reverse shell payload into a remote process using common Windows API calls. The payload is stored in the .rsrc section and decrypted at runtime.

  malware-researchredteamingwindowsdefenderbypass

  C++

  •0•0•0•0•Updated May 14, 2025May 14, 2025

• EarlyBird-APC-Code-Injection

  Public
  EarlyBird APC Injection is a stealthy process injection technique that queues malicious shellcode into a suspended thread of a newly created process. Once the thread is resumed, the payload executes, making detection and analysis more difficult.

  malware-developmentinjection-attacksearlybird

  C

  •0•0•0•0•Updated May 14, 2025May 14, 2025

• Thread-IDs-Process-IDs-The-Start-of-Malware-Magic

  Public
  ThreadIDs and ProcessIDs: The foundation of malware techniques, covering the basics of PIDs, TIDs, and their role in code injection and malware devlopment,.

  windowswinapicode-injection+ 4malware-developmentred-teamingwindows-internalsoffesive

  C++

  •0•1•0•0•Updated May 12, 2025May 12, 2025

• NT-API-Code-Injection

  Public
  NT API Code Injection using NtCreateSection and NtMapViewOfSection to inject shellcode into a remote process. This method allows for efficient memory manipulation and code execution within target processes.

  malware-researchevasionmalware-development+ 4injection-attackswindows-internalsnative-apiwindows-malware

  C

  •0•1•0•0•Updated May 12, 2025May 12, 2025

• RatInject-Red-Team-Tool

  Public
  RatInject: C++ tool for stealthy Windows persistence via registry-based techniques.

  persistencemalware-researchmalware-development+ 4red-teamwindows-persistenceoffesiveregistry-persistence

  0•0•0•0•Updated May 12, 2025May 12, 2025

• Shellcode-Injection-Using-Window-Callbacks

  Public
  A minimal Windows GUI demo that allocates memory and executes 64-bit shellcode to display a MessageBox. Demonstrates basic shellcode injection using `VirtualAlloc`, `memcpy`, and function pointers in C.

  windowscallbackshellcode-injection

  C++

  •0•0•0•0•Updated May 8, 2025May 8, 2025

• Hijacking-Remote-Thread

  Public
  Technique to inject and execute code in a remote process by hijacking an existing thread.

  winapiinjectionaes-encryption+ 5malware-researchmalware-developmentred-teamhijackingwin-internals

  C

  •0•0•0•0•Updated Apr 29, 2025Apr 29, 2025

• Antivirus-Evasion-with-AES-Encryption

  Public
  A proof-of-concept demonstrating static antivirus evasion using AES-encrypted shellcode in C. Includes encryption script in Python and a runtime decryption/execution mechanism in Windows.

  malware-developmentantivirus-evasionevasion-techniques

  C

  •0•0•0•0•Updated Apr 29, 2025Apr 29, 2025

• Crafting-Trojan-Guide

  Public
  This repository demonstrates how a Trojan can be crafted by backdooring an executable using code caves and shellcode injection. It is intended purely for educational purposes in cybersecurity and ethical hacking.

  executabletrojanmalware-analysis+ 1backdoor-attacks

  Assembly

  •0•0•0•0•Updated Apr 29, 2025Apr 29, 2025

• AV-Evasion-with-XOR-Encryption

  Public
  Technique for AV evasion using XOR encryption to obfuscate payloads.

  encryptionmalware-researchevasion+ 5xormalware-developmentred-teamav-evasionav-bypass

  C

  •0•0•0•0•Updated Apr 28, 2025Apr 28, 2025

• Executing-ShellCode-Introduction

  Public
  A guide on how to executing Malicious Shell-Code with C++

  cppshellcodemalware-analysis+ 3maliciousredteaminginjection-attacks

  C++

  •0•0•0•0•Updated Apr 27, 2025Apr 27, 2025

• Multi-Reverse-Shell-Handler

  Public
  A terminal-based multiple reverse shell manager for pentesters. Built with Python to manage and persist multiple shell sessions with ease.

  reverse-shellshellcodemalware-research

  0•0•0•0•Updated Apr 25, 2025Apr 25, 2025

• AntiVirus-Evasion-with-Payload-Encoding

  Public
  Demonstrates antivirus evasion using Base64 encoding to bypass static detection methods.

  encodingmalware-researchmalware-development+ 3red-teamav-evasionav-evade

  C

  •0•0•0•0•Updated Apr 24, 2025Apr 24, 2025

• Process-Code-Injection

  Public
  A simple implementation of process code injection. This demonstrates injecting shellcode into a remote process, using basic Windows API functions for process manipulation.

  malware-researchwindows-apimalware-development+ 4red-teaminjection-attacksprocess-injectionwindows-malware

  C

  •0•0•0•0•Updated Apr 24, 2025Apr 24, 2025

• Windows-Persistence-CheatSheet

  Public
  A practical cheatsheet demonstrating key Windows persistence methods for red team assessments and malware research.

  windowspersistencemalware-research+ 2malware-developmentred-team

  0•0•0•0•Updated Apr 23, 2025Apr 23, 2025

• WinLogon-Reverse-Shell-Persistence

  Public
  A method for achieving Windows persistence by leveraging the Winlogon registry key. It includes a modified C++ reverse shell and a step-by-step guide on using the Userinit key to maintain access to a Windows system after reboot or user logoff.

  windowsreverse-shellpersistence+ 2malware-analysisredteaming

  0•0•0•0•Updated Apr 18, 2025Apr 18, 2025