DrvLoader

DrvLoader is a Windows post-exploitation utility for loading Windows kernel drivers both through undocumented NT API functions (NtLoadDriver/NtUnloadDriver) and via the Service Control Manager (SCM).

Jektor

Jektor is a shellcode injection/execution tool that demonstrates various techniques typically used by malware. Jektor supports shellcode execution through CreateThread, CreateRemoteThread, QueueUserAPC, EnumTimeFormatsEx, and CreateFiber.

RedPulsar

RedPulsar is a Windows implant written in C/C++ designed to aid in post-exploitation activity. RedPulsar offers a diverse set of features that give the user complete control over the target system. RedPulsar focuses on anti-analysis, making static code analysis and anti-virus detection more difficult.

  • Link: https://github.com/xxxxxxxxxx/HonestGuard

DiffusionAngel

DiffusionAngel is a proof-of-concept Windows kernel rootkit that supports hiding processes by PID, reading/writing process memory, elevating processes, logging keystrokes, hooking the SSDT, and more.

  • Link: https://github.com/xxxxxxxxxx/DiffusionAngel