gavinl1b0's starred repositories
BypassAntiVirus
A series of articles on remote-access-tool antivirus evasion, with accompanying tools. It collects and tests dozens of evasion tools found on the Internet, 113 whitelist-based evasion methods, 8 code-compilation evasion methods and several hands-on evasion techniques, testing the evasion result of each one, as a reference for RAT evasion and for antivirus vendors countering it.
SecurityInterviewGuide
Interview guide for cyber and information security practitioners
KillDefender
A small POC to make defender useless by removing its token privileges and lowering the token integrity
CVE-2022-21882
win32k LPE
CVE-2021-1732-Exploit
CVE-2021-1732 Exploit
ProcessHider
Hide Process From Task Manager using Usermode API Hooking
DefenderStop
Stop Defender Service using C# via Token Impersonation
awesome-malware-persistence
A curated list of awesome malware persistence tools and resources.
CVE-2020-1313
Proof of concept exploit of Windows Update Orchestrator Service Elevation of Privilege Vulnerability
bypass_vmp_vm_detect
Bypass VMProtect virtual machine detection
IBM-RedCON-2020
IBM RedCON 2020 - Throwing an AquaWrench into the Kernel
hide-and-seek
PoC for hiding processes from Windows Task Manager by manipulating the graphic interface
anti-anti-vm-detection-dll
Anti-anti-VM DLL, used to hide VMware characteristics such as files, processes, services and registry values
windows-kernel-file-protector
Protect a file from being deleted using a Windows kernel file system minifilter driver
PowerBuilder-decompile
Python module that parses PowerBuilder files (PBD) and analyzes their code (incomplete)
CVE-2020-17136
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2020-1048
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'.