All

23 repositories

3LayersPersistence
Public
Demonstrating 3 persistence layers from a single EXE, that converts itself into proxy DLLs at runtime
persistence wmi dll-sideloading
persistence wmi dll-sideloading com-hijacking
C
•
MIT License
•12•84•0•0•Updated Mar 29, 2026Mar 29, 2026
QRSteganography
Public
Encodes arbitrary data into one or more QR code PNGs and decodes them back as a form of steganography for data obfuscation.
steganography qrcode-generator
steganography qrcode-generator
C
•
MIT License
•6•46•0•0•Updated Mar 10, 2026Mar 10, 2026
DumpBrowserSecrets
Public
Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chr…
firefox chrome opera
firefox chrome opera vivaldi msedge credential-harvesting
C
•
MIT License
•101•691•0•0•Updated Feb 14, 2026Feb 14, 2026
GitLabDeviceCodePhishing
Public
A tool to easily perform GitLab Device Code Phishing on red team engagements
Python
•
MIT License
•3•50•0•0•Updated Feb 9, 2026Feb 9, 2026
GitHubDeviceCodePhishing
Public
A tool to easily perform GitHub Device Code Phishing on red team engagements
Python
•
MIT License
•11•92•0•0•Updated Feb 9, 2026Feb 9, 2026
PrefetchFileParser
Public
A lightweight Windows Prefetch file parser to extract programs' execution history
C
•
MIT License
•8•68•0•0•Updated Jan 12, 2026Jan 12, 2026
DumpChromeSecrets
Public archive
Extract data from modern Chrome versions, including refresh tokens, cookies, saved credentials, autofill data, browsing history, and bookmarks
chrome credential-harvesting
chrome credential-harvesting
C
•
MIT License
•77•556•0•0•Updated Jan 8, 2026Jan 8, 2026
GhostlyHollowingViaTamperedSyscalls2
Public
Implementing Ghostly-Hollowing using tampered syscalls for remote PE injection
C
•
MIT License
•15•74•0•0•Updated Dec 26, 2025Dec 26, 2025
ElectronVulnScanner
Public
Automatically scan the file system to identify Electron applications vulnerable to ASAR tampering.
electron scanner injection
electron scanner injection asar
C
•
MIT License
•11•159•0•0•Updated Nov 28, 2025Nov 28, 2025
MaldevAcademyLdr.2
Public
RunPE implementation with multiple evasive techniques (2)
mimikatz runpe edr-evasion
mimikatz runpe edr-evasion
C
•
MIT License
•37•280•0•0•Updated Sep 25, 2025Sep 25, 2025
TrapFlagForSyscalling
Public
Bypass user-land hooks by syscall tampering via the Trap Flag
C
•
MIT License
•21•139•0•0•Updated Aug 25, 2025Aug 25, 2025
AlphabeticalPolyShellGen
Public
Generate an Alphabetical Polymorphic Shellcode
C
•
MIT License
•24•139•0•0•Updated Aug 19, 2025Aug 19, 2025
Alphabetfuscation
Public
Convert your shellcode into an ASCII string
C
•
MIT License
•29•128•0•0•Updated Jun 27, 2025Jun 27, 2025
HookingLsassForCredentials
Public
Attempting to Hook LSASS APIs to Retrieve Plaintext Credentials
C
•
MIT License
•19•54•0•0•Updated May 12, 2025May 12, 2025
LsassHijackingViaReg
Public
Injecting DLL into LSASS at boot
C
•
GNU General Public License v3.0
•37•156•0•0•Updated Apr 29, 2025Apr 29, 2025
ExecutePeFromPngViaLNK
Public
Extract and execute a PE embedded within a PNG file using an LNK file.
Python
•
MIT License
•75•465•1•2•Updated Nov 2, 2024Nov 2, 2024
EmbedPayloadInPng
Public
Embed a payload inside a PNG file
C
•
MIT License
•56•371•0•0•Updated Oct 24, 2024Oct 24, 2024
DRMBinViaOrdinalImports
Public
Create Anti-Copy DRM Malware
drm anti-reversing anti-analysis
drm anti-reversing anti-analysis
C
•
MIT License
•14•73•0•0•Updated Aug 19, 2024Aug 19, 2024
CodeSearchDemo
Public
Demo showcasing Maldev Academy’s code search database
C
•
MIT License
•5•42•0•0•Updated Feb 20, 2024Feb 20, 2024
RemoteTLSCallbackInjection
Public
Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process
C
•
MIT License
•50•288•1•0•Updated Jan 21, 2024Jan 21, 2024
Christmas
Public
PoC demonstrating a multi process injection chain aimed at remotely executing shellcode
C
•
MIT License
•35•259•1•0•Updated Jan 21, 2024Jan 21, 2024
MaldevAcademyLdr.1
Public
RunPE implementation with multiple evasive techniques (1)
C
•
MIT License
•51•384•0•0•Updated Sep 22, 2023Sep 22, 2023
HellHall
Public
Performing Indirect Clean Syscalls
syscalls edrs
syscalls edrs
C
•80•606•1•1•Updated Apr 19, 2023Apr 19, 2023

ProTip! When viewing an organization's repositories, you can use the props. filter to filter by custom property.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Maldev Academy

All

All

23 repositories

3LayersPersistence

QRSteganography

DumpBrowserSecrets

GitLabDeviceCodePhishing

GitHubDeviceCodePhishing

PrefetchFileParser

DumpChromeSecrets

GhostlyHollowingViaTamperedSyscalls2

ElectronVulnScanner

MaldevAcademyLdr.2

TrapFlagForSyscalling

AlphabeticalPolyShellGen

Alphabetfuscation

HookingLsassForCredentials

LsassHijackingViaReg

ExecutePeFromPngViaLNK

EmbedPayloadInPng

DRMBinViaOrdinalImports

CodeSearchDemo

RemoteTLSCallbackInjection

Christmas

MaldevAcademyLdr.1

HellHall

All

All

Repositories list

23 repositories