dff2020's repositories
2022-HW-POC
Collection of POCs from the 2022 HW (护网行动) defense exercise
aarch64_silent_syscall_hook
silent syscall hooking without modifying sys_call_table/code via patching exception handler
AndroidNativeEmu
Allows you to partly emulate an Android native library.
APKiD
Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
assault-cube-hacking
C++ 17 AssaultCube basic hacking demo
BlindEye
BattlEye kernel module bypass
CFB
Canadian Furious Beaver is a tool for monitoring IRP handlers in Windows drivers, facilitating the analysis, replay and fuzzing of Windows drivers for vulnerabilities
debogus
Deobfuscate OLLVM Bogus Control Flow via angr
EASY-HWID-SPOOFER
Kernel-mode hardware information spoofing tool
Etw-Syscall
https://key08.com/index.php/2021/10/19/1375.html
FOKS-TROT
Minifilter double-buffer transparent encryption/decryption filter driver
frida-il2cpp-datacollector
Porting ce's monodatacollector to android/ios.
Frida-Seccomp
A general-purpose Android svc tracing and hooking solution: Frida-Seccomp
Hades-Linux
Hades is a Host-Based Intrusion Detection System based on both eBPF(kernel) and netlink/cn_proc(userspace).
Hades-Windows
Hades HIDS/EDR for Windows
Karlann
It's a kernel-based keylogger for Windows x86/x64.
kernel_new_features
An in-depth look at new Linux kernel features, represented by io_uring, cgroup, ebpf and llvm, including open-source projects, code examples, articles, videos, architecture mind maps, etc.
lamda
⚡️ Android reverse engineering & automation framework | The most powerful Android packet capture / reverse engineering / hooking & cloud phone / automation assistance framework ever; your work has never been this simple and fast.
lib-jingdong-app-signature
The JD.com (京东) app's sign algorithm and request library
malwoverview
Malwoverview is a first response tool used for threat hunting and offers intel information from Virus Total, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, ThreatCrowd, Valhalla, Malware Bazaar, ThreatFox, Triage and it is able to scan Android devices against VT and HA.
pinduoduo_backdoor
Analysis of the privilege-escalation code embedded in the Pinduoduo APK and of its dynamically delivered dex files
pinduoduo_backdoor_recorder
Collection and preservation of evidence on Pinduoduo exploiting vulnerabilities to attack users' phones
pinduoduo_backdoor_unpacker
Samples and Unpacker of malicious backdoors and exploits developed and used by Pinduoduo
RmEye
RmEye (戎码之眼) is an ATT&CK-model-based threat monitoring tool for Windows. It effectively detects common known and unknown threats. A sharp sword for defenders.
scoop-retools
Scoop bucket for reverse engineering tools
SKRoot-linuxKernelRoot
A new generation of SKRoot that challenges every root-detection technique out there. It takes a completely different approach from Magisk (面具), avoiding the weaknesses that get Magisk detected: fully hides root functionality, never needs SELinux paused (truly 0% SELinux contact), highly generic, works on all kernels, needs no kernel source, patches the kernel directly, supports direct JNI calls from Android apps; stable, smooth, no crashes.
vmp_runner
A general solution to simulate execution of virtualized instructions (vmprotect/themida, etc.).
WeChatTweak-macOS
A dynamic library tweak for WeChat macOS - the first WeChat macOS client tweak for message-recall interception and running multiple instances