Anti-ghosts's starred repositories
cve-2023-29360
Exploit for CVE-2023-29360 targeting MSKSSRV.SYS driver
EDRSilencer
A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
EDR-XDR-AV-Killer
Reproducing the Spyboy technique, which involves terminating all EDR/XDR/AV processes by abusing the zam64.sys driver
windows_x64_shellcode_template
An easily modifiable shellcode template for Windows x64 written in C
shellcodeloader
shellcodeloader
sclauncher
A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files from shellcode.
everyone-can-use-english
Everyone can use English
MyIP
The best IP Toolbox. Easy to check what's your IPs, IP geolocation, check for DNS leaks, examine WebRTC connections, speed test, ping test, MTR test, check website availability, whois search and more! || 🇨🇳 Possibly the most useful IP toolbox. Easily check your IP, IP geolocation, check for DNS leaks, check WebRTC connections, speed test, ping test, MTR test, check website availability, look up Whois information and more.
WebShell-Bypass-Guide
A handbook for learning webshell antivirus evasion from scratch
sing-box-examples
sing-box configuration examples
v2ray-agent
Xray, Tuic, hysteria2, sing-box eight-in-one one-click script
clash-nyanpasu
Clash Nyanpasu~(∠・ω< )⌒☆
pinduoduo_backdoor_detailed_report
Maybe the most detailed analysis of pdd backdoors
shadowsocks_install
Auto Install Shadowsocks Server for CentOS/Debian/Ubuntu
clash-verge
A Clash GUI based on tauri. Supports Windows, macOS and Linux.
APT-Individual-Combat-Guide
《APT Individual Combat Guide》
HideDriver
Using DKOM to hide kernel mode drivers
Chaos-Rootkit
Now You See Me, Now You Don't
Win_Rootkit
A kernel-mode rootkit with remote control
CVE-2022-44666
Write-up for another forgotten Windows vulnerability (0day): Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape, which was not fully fixed as CVE-2022-44666 in the patches released in December 2022.