Stars
A tool to recover a fully analyzable .ELF from a raw kernel, through extracting the kernel symbol table (kallsyms)
Quickly find differences and similarities in disassembled code
Kernel driver for detecting Intel VT-x hypervisors.
Translate virtual addresses to physical addresses from usermode.
PoC for thread pool based process injection in Windows.
We have made you a wrapper you can't refuse
Unified repository for different Metasploit Framework payloads
A POC for the new injection technique, abusing the Windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.html#dirty-vanity-a-new-approach-to-code-injection--edr-bypass…
Events from all manifest-based and mof-based ETW providers across Windows 10 versions
Simple VM based x86 PE (portable executable) protector.
A Dynamic Binary Instrumentation framework based on LLVM.
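戎码之眼 is a threat monitoring tool for Windows based on the ATT&CK model. It effectively detects common unknown and known threats. A sharp sword for the defending side.
You call this piece of junk operating system source code? Reading the Linux 0.11 core code like a novel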
Code Injection, Inject malicious payload via pagetables pml4.
The original sources of MS-DOS 1.25, 2.0, and 4.0 for reference purposes