delete-self-poc: A way to delete a locked file, or the currently running executable, on disk.
This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.
wsb-detect: wsb-detect enables you to detect if you are running in Windows Sandbox ("WSB").
shellcode-plain-sight: Hiding shellcode in plain sight within a large memory region. Inspired by the technique used by Raspberry Robin's Roshtyak.
sgrm-research: Repository to complement my blog post on System Guard Runtime Monitor.
yara (forked from VirusTotal/yara): The pattern matching Swiss knife.
pefile (forked from erocarrera/pefile): pefile is a Python module to read and work with PE (Portable Executable) files.
pafish-macos: A macOS pafish-like port to detect analysis/virtual environments. (2 · Updated Oct 6, 2021)
dearg-thread-ipc-stealth: A novel technique to communicate between threads using the standard ETHREAD structure.
Windows-API-Hashing: This is a simple example and explanation of obfuscating API resolution via hashing.
librini (archived): Rini is a tiny, non-libc-dependent .ini file parser written from scratch in C99.
elf-strings (archived): elf-strings programmatically reads the string sections of a given ELF binary. It is meant to be much like the strings UNIX utility, but is purpose-built for ELF binaries.