蒙花落 (Cloutain)

Cloutain

Geek Repo

Location: Huaxia (China), Yuhang


蒙花落's repositories

NlsCodeInjectionThroughRegistry

DLL injection through code page ID modification in the registry. Based on Jonas Lykk's research.

Stargazers: 0, Issues: 0
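The one-line description only names the technique (a code page mapping under the Nls\CodePage registry key redirected to an attacker-controlled file). As an added review check, not code from this repository or from the research it cites, here is a Python script that parses a `reg export` of that key and flags mappings worth a second look. It assumes, as a heuristic, that stock mappings are bare file names of the form `c_<x>.nls` or `c_<x>.dll` resolved from System32 and that the `ACP`/`OEMCP`/`MACCP` selectors hold numeric code page IDs that have a mapping; the registry export embedded below is constructed, with one planted entry.

```python
import re

# Constructed sample: a trimmed `reg export` of the Nls\CodePage key with one
# planted entry ("1250"). Not taken from the repository or from any real host.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\CodePage]
"ACP"="1252"
"OEMCP"="437"
"MACCP"="10000"
"437"="c_437.nls"
"1252"="c_1252.nls"
"10000"="c_10000.nls"
"54936"="c_g18030.dll"
"1250"="C:\\Users\\Public\\payload.dll"
"""

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
# Assumption: stock mappings are bare file names of the form c_<x>.nls or
# c_<x>.dll (a few stock code pages do use a DLL) resolved from System32.
STOCK_NAME_RE = re.compile(r"^c_[a-z0-9]+\.(nls|dll)$", re.IGNORECASE)
SELECTORS = {"ACP", "OEMCP", "MACCP"}  # pick the ANSI/OEM/Mac code page id


def parse_codepage_values(reg_text):
    """Return {value_name: data} for the Nls\\CodePage key of a .reg export."""
    values = {}
    in_key = False
    for line in reg_text.splitlines():
        if line.startswith("["):
            in_key = line.rstrip("]").lower().endswith(r"\control\nls\codepage")
            continue
        if not in_key:
            continue
        m = VALUE_RE.match(line.strip())
        if m:
            # .reg exports escape backslashes; undo that before path checks
            values[m.group("name")] = m.group("data").replace("\\\\", "\\")
    return values


def find_suspicious_codepage_entries(values):
    """Heuristic review; returns (value_name, data, reason) for entries to inspect."""
    findings = []
    for name, data in values.items():
        if name in SELECTORS:
            if not data.isdigit():
                findings.append((name, data, "selector is not a numeric code page id"))
            elif data not in values:
                findings.append((name, data, "selector points at an id with no file mapping"))
            continue
        if any(sep in data for sep in ("\\", "/", ":")):
            findings.append((name, data, "mapping is a path, not a bare System32 file name"))
        elif not STOCK_NAME_RE.match(data):
            findings.append((name, data, "file name does not match the stock c_<x>.nls/.dll pattern"))
    return findings


if __name__ == "__main__":
    for name, data, reason in find_suspicious_codepage_entries(
            parse_codepage_values(SAMPLE_REG_EXPORT)):
        print(f"{name} -> {data}: {reason}")
```

A hit is a lead, not proof: confirm by checking the file the mapping resolves to (location, signature, hash) and compare the key against a known-good host of the same build, since the stock list of code page files differs between Windows versions.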

WebHook-Tool

Mini tool to set and delete a Telegram bot webhook and to get info about a bot token.

Stargazers: 0, Issues: 0

MSRPC-to-ATTACK

A repository that maps commonly used attacks using MSRPC protocols to ATT&CK

Stargazers: 0, Issues: 0

rewolf-wow64ext

Helper library for x86 programs that run under the WOW64 layer on x64 versions of Microsoft Windows operating systems.

Stargazers: 0, Issues: 0

NTAssassin

NTAssassin is a fast, small and powerful library that helps C/C++ development on Windows.

License: MIT, Stargazers: 0, Issues: 0

ThreadStackSpoofer

Thread Stack Spoofing: PoC for an advanced in-memory evasion technique that helps hide an injected shellcode's memory allocation from scanners and analysts.

License: MIT, Stargazers: 0, Issues: 0

SystemExplorer

Windows System Explorer

License: MIT, Stargazers: 0, Issues: 0

AlleyWind

An advanced Win32-based, open-source utility that helps you manage the system's windows.

License: MIT, Stargazers: 0, Issues: 0

Windows-RPC-Backdoor

Simple Windows RPC server, for research purposes only.

License: Apache-2.0, Stargazers: 0, Issues: 0

SharpEventPersist

Persistence by writing shellcode to the Windows Event Log and reading it back.

Stargazers: 0, Issues: 0

Win10SysProgBookSamples

Windows 10 System Programming book samples

License: MIT, Stargazers: 0, Issues: 0

MemoryModule-2

A tool to parse and load a module in memory, as well as attach a DLL to an EXE. Most of the functions are inline, so it can also be used in shellcode.

License: MIT, Stargazers: 0, Issues: 0

TermsrvPatcher

Patcher for termsrv.dll for enabling concurrent remote desktop sessions on non-server Windows editions

License: GPL-3.0, Stargazers: 0, Issues: 0

Etw-Syscall

https://key08.com/index.php/2021/10/19/1375.html

Stargazers: 0, Issues: 0

DoubleDataPointer

Allows you to communicate with kernel mode to manipulate memory in a stealthy way, to avoid kernel anti-cheats.

Stargazers: 0, Issues: 0

DlllInjection-Kernel

I tried DLL injection using kernel functions.

Stargazers: 0, Issues: 0

Backpack

Golang packer that uses process hollowing.

Stargazers: 0, Issues: 0

defender-control

An open-source Windows Defender manager. Now you can disable Windows Defender permanently.

License: MIT, Stargazers: 0, Issues: 0

uiaccess

Obtain UIAccess through the System token.

Stargazers: 0, Issues: 0

goparse

Parse Golang binaries.

Stargazers: 0, Issues: 0

bedaisy-reversal

Some pseudocode snippets from BattlEye's BEDaisy.sys as loaded by Rainbow Six: Siege.

Stargazers: 0, Issues: 0

GreyScaleFilterBMP

Takes in a BMP and converts it to black and white (greyscale).

Stargazers: 0, Issues: 0

WingProtecter

A simple packer that encrypts 32/64-bit PE files in the simplest possible way. Recommended only for the EXE format; written for the "羽夏壳世界" packer tutorial series and released under GPLv3. Other kinds of PE files have not been tested yet.

License: AGPL-3.0, Stargazers: 0, Issues: 0

llvmanalyzer

Building on retdec, an open-source decompiler based on the LLVM compiler architecture, the author integrated the KLEE symbolic execution tool. A symbolic execution engine dynamically simulates the decompiled LLVM IR (intermediate representation) to run the original program, instruments every offset reference to the this-pointer structure (the rcx register, called the "this struct" for short) in x86 thiscall-style functions, analyzes and aggregates those references to automatically recover the concrete layout of the this struct, and automatically imports the result into IDA to assist analysis.

License: NOASSERTION, Stargazers: 0, Issues: 0

RIPPL

RIPPL is a tool that abuses a usermode-only exploit to manipulate PPL (Protected Process Light) processes on Windows.

License: MIT, Stargazers: 0, Issues: 0

CPU_TerrainRender

Renders a terrain view using CPU SIMD instructions (deliberately avoiding the GPU for the computation); a demo showing how SIMD can increase computation performance.

License: GPL-2.0, Stargazers: 0, Issues: 0

symanteclog

Symantec attack log analyzer that queries the log with SQL and adds the attacking IP addresses to a MikroTik router.

Stargazers: 0, Issues: 0
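The description above names the whole pipeline (attack log, SQL analysis, MikroTik blocklist) in one line. As an added example that is not the repository's code, here is a Python script that does the same in miniature: it loads attack-log lines into an in-memory SQLite table, picks the repeat offenders with plain SQL, and emits RouterOS `/ip firewall address-list add` commands for them. The log lines are constructed in a simplified `timestamp,event,remote ip` layout (assumption: a real Symantec export is tabular and would need its own column mapping), and the list name `sep_attackers` and the one-day timeout are my choices; the script also refuses to blocklist RFC 1918 and loopback addresses, which is the check you most want before pushing anything to a router.

```python
import ipaddress
import re
import sqlite3

# Constructed sample in a simplified "timestamp,event,remote ip" layout. This is
# not real Symantec output; the real export is tabular and would need its own
# column mapping (assumption).
SAMPLE_LOG = """\
2021-10-19 08:01:12,Attack: SMB Probe,203.0.113.7
2021-10-19 08:01:15,Attack: SMB Probe,203.0.113.7
2021-10-19 08:02:40,Web Attack: Directory Traversal,203.0.113.7
2021-10-19 08:03:02,Web Attack: Directory Traversal,192.0.2.9
2021-10-19 08:05:11,Attack: SMB Probe,203.0.113.7
2021-10-19 08:06:30,Attack: SMB Probe,10.0.0.5
2021-10-19 08:06:31,Attack: SMB Probe,10.0.0.5
2021-10-19 08:07:00,Web Attack: Directory Traversal,192.0.2.9
2021-10-19 08:09:45,Attack: RDP Brute Force,198.51.100.23
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+),(?P<event>[^,]+),(?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)

# Never push internal ranges to the router blocklist, whatever the log says.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def load_attack_log(lines):
    """Parse lines into an in-memory SQLite table so the analysis is plain SQL."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE attacks (ts TEXT, event TEXT, remote_ip TEXT)")
    rows = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # malformed lines are skipped rather than aborting the run
            rows.append((m["ts"], m["event"], m["ip"]))
    db.executemany("INSERT INTO attacks VALUES (?, ?, ?)", rows)
    db.commit()
    return db


def top_attackers(db, min_hits=2):
    """(remote_ip, hits, first_seen, last_seen) for IPs with at least min_hits events."""
    return db.execute(
        "SELECT remote_ip, COUNT(*) AS hits, MIN(ts), MAX(ts) FROM attacks "
        "GROUP BY remote_ip HAVING hits >= ? ORDER BY hits DESC, remote_ip",
        (min_hits,),
    ).fetchall()


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def mikrotik_blocklist_commands(attackers, list_name="sep_attackers", timeout="1d"):
    """RouterOS CLI lines adding each external attacker to an address-list.
    A firewall filter/raw rule that references the list does the actual dropping;
    the timeout keeps the list from growing forever."""
    return [
        f'/ip firewall address-list add list={list_name} address={ip} '
        f'timeout={timeout} comment="{hits} SEP events, last {last}"'
        for ip, hits, _first, last in attackers
        if not is_internal(ip)
    ]


def analyze(log_text=SAMPLE_LOG, min_hits=2):
    """End-to-end: log text in, RouterOS commands out."""
    db = load_attack_log(log_text.splitlines())
    return mikrotik_blocklist_commands(top_attackers(db, min_hits))


if __name__ == "__main__":
    for cmd in analyze():
        print(cmd)
```

Keeping every parsed event in the table (including internal sources) and filtering only when commands are generated means the SQL side still answers "what happened", while the router side only ever receives external addresses; in production the commands would be sent over the RouterOS API or SSH rather than printed.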