jilvan1234's repositories
1337Visor
Type 2 Hypervisor for security research supported by AMD-V hardware assisted virtualization
Amsi-Killer
Lifetime AMSI bypass
awesome-ida-x64-olly-plugin
A curated list of IDA, x64DBG, Ghidra and OllyDBG plugins.
cheat-engine-QQSpeed-By-python
Cheat Engine for QQSpeed2
CVE-2022-3699
Lenovo Diagnostics Driver EoP - Arbitrary R/W
CVE-2022-42046
CVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM
dissect.cobaltstrike
Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
DumpThatLSASS
Dumping LSASS by unhooking MiniDumpWriteDump, using a fresh copy of DbgHelp.dll loaded from disk, plus function and string obfuscation. It contains anti-sandbox checks; if you run it under a low-performance virtual machine you need to uncomment the related code and recompile.
FilelessRemotePE
Loading a fileless remote PE from a URI into memory, with argument passing, ETW patching, NTDLL unhooking and a no-new-thread technique
health-code-index
Health code simulation - index
Hypervisor-From-Scratch
Source code for a multi-part series of tutorials about hypervisors. Available at: https://rayanfam.com/tutorials
Injector
Cheat injector for kernel and EFI level
Intel-Alder-Lake-BIOS
The BIOS Code from project C970
malware-samples
Contains deobfuscated and otherwise interesting malware samples.
MemFiles
A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
Nidhogg
Nidhogg is an all-in-one, simple-to-use rootkit for red teams.
none
UNONE and KNONE are a pair of open-source base libraries that make it easy to develop software on Windows.
openedr
Open EDR public repository
oxorany
Obfuscated compile-time encryption of any constant, on any platform
qiapiao
QQSpeed Fast Drift / QQspeed
qqspeed-3
Source code: client only, no server
sehcall
Using SEH in a manually mapped DLL or manually mapped SYS driver in Windows x64 mode
SilentMoonwalk
PoC Implementation of a TRUE call stack spoofer
vidar_config
Extracts Vidar config from Command & Control servers for specific botnets
video-virtual-memory-materials
Code and materials accompanying the video series "On Writing an x64 Windows 10 Driver to Understand Virtual Memory"
WFPExplorer
Windows Filtering Platform Explorer
Windows_RootKit
A Windows kernel-mode rootkit with remote control
x64-Page-Walker
Walks through the 4-level paging structures in Windows x64