ZwSalvation's starred repositories
drakvuf-sandbox
DRAKVUF Sandbox - automated hypervisor-level malware analysis system
ordered-map
C++ hash map and hash set which preserve the order of insertion
filesystem
An implementation of C++17 std::filesystem for C++11/C++14/C++17/C++20 on Windows, macOS, Linux and FreeBSD.
VmwareHardenedLoader
VMware hardened VM detection mitigation loader (anti anti-VM)
Windows10-CustomKernelSigners
Load self-signed drivers without enabling TestSigning or disabling DSE. Transferred from https://github.com/DoubleLabyrinth/Windows10-CustomKernelSigners
VTableKFunctionHook
An example of how to hook a kernel vtable function that cannot be called directly
KasperskyHook
Hook system calls on Windows by using Kaspersky's hypervisor
windows-pe-signature-verifying
Modern C++ wrapper for Windows PE signature verification mechanism
Awesome-Binary-Similarity
An awesome & curated list of binary code similarity papers
Awesome-Binary-Rewriting
An awesome & curated list of binary rewriting papers
PE-Parser-MASM32
A PE32/PE32+ parser written in MASM32
Homework-of-C-Language
C/C++ code examples from my blog.
ProcessDoppelganging
Process doppelganging PoC using direct system calls, PPID spoofing and Dropbox as an external delivery channel for the payload.
Mapping-Injection
Just another Windows Process Injection
SysWhispers2
AV/EDR evasion via direct system calls.
sec-daily-2020
A collection of all security news posted to the Alpha Lab (阿尔法实验室) WeChat official account in 2020