fadetrack

KernelMemoryModule

awesome-windows-kernel-security-development

windows kernel security development

wooyun_public

乌云公开漏洞、知识库爬虫和搜索 crawl and search for wooyun.org public bug(vulnerability) and drops

BlackHole-ExploitKit-Decoded

I havent found a reasonable version of the BlackHole exploit kit without the ionCube annoyances; so here is a fix for that problem :) Please keep in mind that these files have been decoded and shared for educational purposes only!

blacknurse

BlackNurse attack PoC

DdiMon

Monitoring and controlling kernel API calls with stealth hook using EPT

DisableWin10PatchguardPoc

pseudo-code to show how to disable patchguard with win10

DriverInjectDll

Using Driver Global Injection dll, it can hide DLL modules

EACReversing

Reversing EasyAntiCheat.

EQGRP

Decrypted content of eqgrp-auction-file.tar.xz

EQGRP_Lost_in_Translation

Decrypted content of odd.tar.xz.gpg, swift.tar.xz.gpg and windows.tar.xz.gpg

flexidie

Source code and binaries of FlexiSpy from the Flexidie dump

FU_Hypervisor

A hypervisor hiding user-mode memory using EPT

ghidra

Ghidra is a software reverse engineering (SRE) framework

GreenChrome

增强Chrome的工具

kcp

KCP - A Fast and Reliable ARQ Protocol

LOWLLVM

参照着OLLVM写的一个混淆库,只要机器上有装LLVM，就可以直接编译拿来用

malheur

A Tool for Automatic Analysis of Malware Behavior

malware

Malware source code samples leaked online uploaded to GitHub for those who want to analyze the code.

MyPythonMalware

Learning Python Interaction With Windows

NoEye

An usermode BE Rootkit Bypass

OSHGui

quixey

A small C like scripting language with a few small novel features.

raft.tla

TLA+ specification for the Raft consensus algorithm

RATAttack

RAT-via-Telegram

rw_socket_driver

Driver that uses network sockets to communicate with client and read/ write protected process memory.

shadowsocksr-csharp

Shark

Turn off PatchGuard in real time for win7 (7600) ~ win10 (17763).

typecho-plugin-Access

Access Log Plugin for Typecho

WProtect