蒙花落's repositories
NlsCodeInjectionThroughRegistry
Dll injection through code page id modification in registry. Based on jonas lykk research
WebHook-Tool
Mini tool to set or delete a Telegram webhook and get info on a bot token
MSRPC-to-ATTACK
A repository that maps commonly used attacks using MSRPC protocols to ATT&CK
rewolf-wow64ext
Helper library for x86 programs that run under the WOW64 layer on x64 versions of Microsoft Windows operating systems.
NTAssassin
NTAssassin is a fast, small and powerful library that helps C/C++ development on Windows
ThreadStackSpoofer
Thread Stack Spoofing - PoC for an advanced in-memory evasion technique that better hides an injected shellcode's memory allocation from scanners and analysts.
SystemExplorer
Windows System Explorer
AlleyWind
An advanced Win32-based, open-source utility that helps you manage the system's windows
Windows-RPC-Backdoor
Simple Windows RPC server, for research purposes only
SharpEventPersist
Persistence by writing/reading shellcode from Event Log
Win10SysProgBookSamples
Windows 10 System Programming book samples
MemoryModule-2
A tool to parse and load a module in memory, as well as attach a DLL to an EXE. Most of the functions are inline, so it can also be used in shellcode.
TermsrvPatcher
Patcher for termsrv.dll for enabling concurrent remote desktop sessions on non-server Windows editions
Etw-Syscall
https://key08.com/index.php/2021/10/19/1375.html
DoubleDataPointer
Allows you to communicate with kernel mode to manipulate memory in a stealthy way, to avoid kernel anti-cheats.
DlllInjection-Kernel
I tried performing DLL injection using kernel functions.
Backpack
Golang packer that uses process hollowing
defender-control
An open-source Windows Defender manager. Now you can disable Windows Defender permanently.
uiaccess
Obtain UIAccess through a System token
goparse
Parse Golang binaries
bedaisy-reversal
Some pseudo-code snippets from BattlEye's BEDaisy.sys as loaded by Rainbow Six: Siege.
GreyScaleFilterBMP
Takes in a BMP and converts it to black and white
WingProtecter
A simple packing tool that encrypts 32/64-bit PE structures in the simplest possible way. Recommended only for the EXE format; made for teaching in "羽夏壳世界"; licensed under GPLv3. Other kinds of PE files have not been tested yet.
llvmanalyzer
Building on retdec, an open-source decompiler based on the LLVM compiler architecture, the author integrated the klee symbolic execution tool. The symbolic execution engine dynamically emulates the decompiled LLVM IR (intermediate instruction set) to run the source program, instrumenting every reference to an offset of the this-pointer structure (i.e. the rcx register, "this structure" for short) in x86 thiscall-type functions. After analyzing and aggregating these references, it automatically identifies the concrete contents of the this structure and automatically imports the result into IDA to assist analysis.
RIPPL
RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows
CPU_TerrainRender
Renders a terrain view using the CPU plus SIMD instructions (avoiding the GPU for the computation); a demo showing how SIMD can increase computation performance
symanteclog
Symantec attack log analyzer that uses SQL and adds the attacker IP addresses to a MikroTik router