jiangliu's repositories
protections-artifacts
Elastic Security detection content for Endpoint
vArmor
vArmor is a cloud native container sandbox based on LSM. It includes multiple built-in protection rules that are ready to use out of the box.
ChatGLM-6B
ChatGLM-6B: An Open Bilingual Dialogue Language Model
CVE-2022-37969
Windows LPE exploit for CVE-2022-37969
Windows_LPE_AFD_CVE-2023-21768
LPE exploit for CVE-2023-21768
redteam-research
Collection of PoC and offensive techniques used by the BlackArrow Red Team
FilelessPELoader
Loads a remote AES-encrypted PE into memory, decrypts it and runs it
ntdlll-unhooking-collection
Different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from a suspended process, and from a remote server (fileless)
Elkeid
Elkeid is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture.
APT_REPORT
Collection of interesting APT reports and some special IOC express
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
RedTeam_BlueTeam_HW
Tools and materials related to red/blue team confrontation and HW (护网) exercises, plus tools for detecting and removing in-memory shellcode (cs+msf) and memory-resident webshells
CVE-2022-3699
Lenovo Diagnostics Driver EoP - Arbitrary R/W
invoke-atomicredteam
Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder](https://github.com/redcanaryco/atomic-red-team/tree/master/atomics) of Red Canary's Atomic Red Team project.
TangledWinExec
C# PoCs for investigation of Windows process execution techniques
edge-vulnerability-reports
Security issues I reported in Edge
pypykatz
Mimikatz implementation in pure Python
DumpThatLSASS
Dumps LSASS by unhooking MiniDumpWriteDump, obtaining a fresh copy of DbgHelp.dll from disk, with function and string obfuscation. It contains anti-sandbox checks; if you run it under a low-performance virtual machine you need to uncomment the related code and recompile.
PPLdump
Dump the memory of a PPL with a userland exploit
follina.py
POC to replicate the full 'Follina' Office RCE vulnerability for testing purposes
WerTrigger
Weaponizing privileged file write bugs with Windows Problem Reporting