Stars
📚🔥 A collection of the most popular technical books on the web (Go, hacking, Android, computer fundamentals, artificial intelligence, big data, machine learning, databases, PHP, Java, architecture, message queues, algorithms, Python, web crawlers, operating systems, Linux, C), continuously updated ♨️
Use hardware breakpoint to dynamically change SSN in run-time
random powershell goodness
Tools for discovery and abuse of COM hijacks
Centralized resource for listing and organizing known injection techniques and POCs
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
UnhookMe is a universal Windows API resolver & unhooker that addresses the problem of invoking unmonitored system calls from within your red team's malware
Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs
An advanced in-memory evasion technique that fluctuates shellcode's memory protection between RW/NoAccess and RX, encrypting its contents while it is not executing and decrypting them before it resumes
Elastic Security detection content for Endpoint
Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.
A post-exploitation AV-evasion tool that helps script kiddies like me achieve evasion quickly; supports bypassing AV/EDR such as 360, Huorong (火绒) and Windows Defender. Shellcode Loader.
Thread Stack Spoofing - PoC for an advanced in-memory evasion technique that better hides injected shellcode's memory allocation from scanners and analysts.
A shellcode function to encrypt a running process image when sleeping.
A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager
C# version of Mallinath S. Karkanti's code from http://www.codeproject.com/Articles/21352/Virtual-Desktop-A-Simple-Desktop-Management-Tool
VenomRAT-HVNC 5.6, this is the latest version with a working HVNC module !
Remove AV/EDR kernel callbacks: ObRegisterCallbacks, CmRegisterCallback, MiniFilter callbacks, PsSetCreateProcessNotifyRoutine callbacks, PsSetCreateThreadNotifyRoutine callbacks, PsSetLoadImageNotifyRoutine callbacks...
🇺🇦 Windows driver with a usermode interface that can hide processes, file-system and registry objects, protect processes, etc.
darkPulse is a shellcode packer written in Go that generates a wide variety of shellcode loaders, evading Huorong (火绒), 360 Core Crystal (核晶) and other AV products common in China.
MemoryModule that is compatible with the Win32 API and supports exception handling
Simulate the behavior of AV/EDR for malware development training.
A proof-of-concept Cobalt Strike Reflective Loader which aims to recreate, integrate, and enhance Cobalt Strike's evasion features!
Stealing Signatures and Making One Invalid Signature at a Time
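Several of the starred projects above (the memory-protection fluctuation PoC, the sleep-time image encryption function) rely on the same basic sleep-mask cycle: drop the shellcode region from RX to RW, XOR it, set it to NoAccess while idle, then reverse the steps before resuming. The block below is an added example written for this page, not code from any of the listed repositories. It uses POSIX mmap/mprotect as a stand-in for VirtualProtect so it runs on a Linux host; the payload bytes, the single-byte XOR key and the fluct_* names are all constructed for illustration, and a real implementation would use a random multi-byte key and do the masking from a hijacked or spoofed sleep routine rather than a plain function call.

```c
// Added example: sleep-mask / memory fluctuation cycle in portable C.
// mmap/mprotect stand in for VirtualAlloc/VirtualProtect on Windows.
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>

typedef struct {
    uint8_t *base;   // page-aligned region holding the "shellcode"
    size_t   len;    // mapping length (multiple of 4096)
    size_t   used;   // bytes actually occupied by the payload
    uint8_t  key;    // single-byte XOR key (demo only)
    int      masked; // 1 while contents are encrypted and protection is NoAccess
} fluct_region;

static void xor_buf(uint8_t *p, size_t n, uint8_t key) {
    for (size_t i = 0; i < n; i++) p[i] ^= key;
}

/* Map a region, copy the payload in, and leave it RX (the state scanners
   flag as private executable memory). Returns 0 on success. */
int fluct_init(fluct_region *r, const uint8_t *payload, size_t n, uint8_t key) {
    size_t len = 4096;
    while (len < n) len += 4096;
    uint8_t *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    memcpy(p, payload, n);
    if (mprotect(p, len, PROT_READ | PROT_EXEC) != 0) { munmap(p, len); return -1; }
    r->base = p; r->len = len; r->used = n; r->key = key; r->masked = 0;
    return 0;
}

/* Before sleeping: RX -> RW, encrypt, RW -> NoAccess. */
int fluct_mask(fluct_region *r) {
    if (r->masked) return -1;
    if (mprotect(r->base, r->len, PROT_READ | PROT_WRITE) != 0) return -1;
    xor_buf(r->base, r->used, r->key);
    if (mprotect(r->base, r->len, PROT_NONE) != 0) return -1;
    r->masked = 1;
    return 0;
}

/* After sleeping: NoAccess -> RW, decrypt, RW -> RX. */
int fluct_unmask(fluct_region *r) {
    if (!r->masked) return -1;
    if (mprotect(r->base, r->len, PROT_READ | PROT_WRITE) != 0) return -1;
    xor_buf(r->base, r->used, r->key);
    if (mprotect(r->base, r->len, PROT_READ | PROT_EXEC) != 0) return -1;
    r->masked = 0;
    return 0;
}

/* One full mask/unmask cycle; returns 1 if the payload survives it intact. */
int fluct_roundtrip_ok(void) {
    // Constructed stand-in bytes, not real machine code.
    static const uint8_t payload[] = "\x90\x90\xcc\xc3demo-payload";
    fluct_region r;
    if (fluct_init(&r, payload, sizeof payload, 0x5a) != 0) return 0;
    if (fluct_mask(&r) != 0) return 0;
    // While masked the page is PROT_NONE: a scanner (or our own read) would fault.
    if (fluct_unmask(&r) != 0) return 0;
    int ok = memcmp(r.base, payload, sizeof payload) == 0 && r.masked == 0;
    munmap(r.base, r.len);
    return ok;
}

/* Checks that the masked bytes are not the plaintext: mask, temporarily make
   the page readable to peek (demo only), compare, restore NoAccess, unmask.
   Returns 1 if the resident bytes differed while masked and the cycle completed. */
int fluct_masked_differs(void) {
    static const uint8_t payload[] = "constructed payload"; // constructed input
    fluct_region r;
    if (fluct_init(&r, payload, sizeof payload, 0x5a) != 0) return 0;
    if (fluct_mask(&r) != 0) return 0;
    if (mprotect(r.base, r.len, PROT_READ) != 0) return 0;
    int differs = memcmp(r.base, payload, sizeof payload) != 0;
    if (mprotect(r.base, r.len, PROT_NONE) != 0) return 0;
    int ok = fluct_unmask(&r) == 0 && memcmp(r.base, payload, sizeof payload) == 0;
    munmap(r.base, r.len);
    return differs && ok;
}
```

The detection-side takeaway is the same one the listed tools exploit: a scanner that only walks RX private regions sees nothing during the masked window, so memory scanners that want to catch this must also look at NoAccess regions (which themselves stand out as anomalous) or hook the protection transitions rather than the resting state.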