I'm a security researcher and using this platform to share my projects and research :)
Nidhogg. Windows rootkit for Intel x64 with 25+ features, demonstrating rootkit techniques compatible with all Windows 10 and Windows 11 versions.
2.4kSandman. Sandman is a NTP based backdoor for hardened networks.
814FunctionStomping. Shellcode injection technique. Given as C++ header, standalone Rust program or library.
705Cronos. PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
623Venom. Venom is a library that meant to perform evasive communication using stolen browser socket
397MrKaplan. MrKaplan is a tool aimed to help red teamers to stay hidden by clearing evidence of execution.
270NovaHypervisor. Windows hypervisor for Intel x64: defensive host hypervisor for Windows designed to mitigate kernel-level attacks including BYOVD, compatible with VMware and Hyper-V.
265Jormungandr. Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
246EtwLeakKernel. Leaking kernel addresses from ETW consumers. Requires Administrator privileges.
94EtwSuite. Windows native ETW inspection suite for browsing providers, reading metadata, consuming live events, recording ETL traces, filtering results, and inspecting ETL/JSON/CSV recordings from one desktop tool.
85NidhoggScript. NidhoggScript is a tool to generate "script" file that allows execution of multiple commands for Nidhogg
50rustomware. Simple ransomware written in Rust. Part of the building a rustomware blog post.
37UdpInspector. Listing UDP connections with remote address without sniffing.
32NidhoggCSharpApi. C# API for Nidhogg rootkit
21talks-and-publications. Released presentations of my talks + code that used during these talks
15OffensiveRust. Rust Weaponization for Red Team Engagements.
12hotkey_exploitation. This repository contains the POC and the scanner to catch the Shortcut Hotkey Exploitation method.
7idov31.
1idov31.github.io. TypeScript
1