saadahla
Security researcher, malware dev
Funding Links: https://github.com/sponsors/SaadAhla
- Name: d1rk
- Location: Morocco
- Kind: user
- Followers: 1495
- Following: 218
- Total stars: 4375
- Repositories count: 34
- Created at: 2023-02-15T06:20:54.493Z
- Updated at: 2025-03-30T12:08:02.528Z
- Last synced at: 2025-03-30T12:08:02.528Z
GitHub Sponsors Profile
Hey, I'm D1rkMtr
I'm a hobbyist Red Team Developer, Student.
You can also find me on:
Twitter
LinkedIn
- Current Sponsors: 1
- Past Sponsors: 2
- Total Sponsors: 3
- Minimum Sponsorship: $5.00
Featured Works
SaadAhla/FilelessPELoader
Loading Remote AES Encrypted PE in memory, decrypting it and running it
Language: C++ - Stars: 930
SaadAhla/NTDLLReflection
Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll, and trigger exported APIs from the export table
Language: C++ - Stars: 293
SaadAhla/D1rkLdr
Shellcode Loader with Indirect Dynamic syscall Implementation, shellcode in MAC format, API resolving from PEB, Syscall call and syscall instruction address resolving at run time
Language: C++ - Stars: 308
SaadAhla/Shellcode-Hide
This repo contains: simple shellcode Loader, Encoders (base64 - custom - UUID - IPv4 - MAC), Encryptors (AES), Fileless Loader (Winhttp, socket)
Language: C++ - Stars: 415
SaadAhla/UnhookingPatch
Bypass EDR Hooks by patching NT API stub, and resolving SSNs and syscall instructions at runtime
Language: C++ - Stars: 304
SaadAhla/ntdlll-unhooking-collection
Different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)
Language: C++ - Stars: 186
Active Sponsors
Past Sponsors
Sponsor Breakdown
- User: 2
- Unknown: 1