蒙花落's repositories
aes256ctr
Byte-oriented AES-256 in CTR mode
AlternativeShellcodeExec
Alternative Shellcode Execution Via Callbacks
AuthHashCalc
Authenticode Hash Calculator for PE32/PE32+ files
CosMapper
Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.
CrystalDiskMark
CrystalDiskMark
cuckoo_sandbox_setup
Four Steps easy Cuckoo Setup in Ubuntu
elKernelSnakeGame
用易語言做的一個辣鷄内核游戲 (不
FastPing
批量高精度ping测速
HideProcessHook
Simple NtQuerySystemInformation hook for your hacking apps.
HollowProcess
Hollow Process / Dynamic Forking / RunPE injection technique implemented in Python
injectEtwBypass
CobaltStrike BOF - Inject ETW Bypass into Remote Process via Syscalls (HellsGate|HalosGate)
JSC.js
JavaScriptCore on WebAssembly
Learn-LLVM-12
《Learn LLVM 12》的非专业个人翻译
NashaVM
Nasha is a Virtual Machine for .NET files and its runtime was made in C++/CLI
port_resue
Linux下应用层注入/hook技术实现端口复用
process_ghosting
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
ProcessHollowing
Simple Process Hollowing created in C#
pyob
A simple python obfuscator
R-PControl
Desktop application for remote PC control
RunPE-Process-Hollowing-GO
Thanks to @d35ha
SigFlip
SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.
stlkrn
C++ STL in the Windows Kernel with C++ Exception Support
Symantec-ATP-API
Script used to pull logs from the Symantec ATP console using the API.
Symbol-Parser
Small class to parse debug info from PEs, download their respective PDBs from the Microsoft Public Symbol Server and calculate RVAs of functions
the-super-tiny-compiler
:snowman: Possibly the smallest compiler ever
tjs
TJS = tinyc compiler + quickjs
VirtualDesktop
Wrapper for API to Virtual Desktop on Windows 10.