jilvan1234

be-shellcode-tester

BattlEye shellcodes tester

BetterGetProcAddress

POC of a better implementation of GetProcAddress for ntdll using binary search

ceload

Loading dbk64.sys and grabbing a handle to it

CountHook

Bypass memory checks ( especially count )

defender-control

An open-source windows defender manager. Now you can disable windows defender permanently.

DeMotet

Unpacking and decryption tools for the Emotet malware

DllIconHandler

Shows different icons for 64 and 32-bit DLLs. Register with RegSvr32 to install

edb-debugger

edb is a cross-platform AArch32/x86/x86-64 debugger.

EDRs

EDRSandblast

goHashDumper

用于Dump指定进程的内存,主要利用静默退出机制(SilentProcessExit)和Windows API(MiniDumpW)实现

GPUSleep

Move CS beacon to GPU memory when sleeping

HackSysExtremeVulnerableDriver

HackSys Extreme Vulnerable Windows Driver

hide_execute_memory

隐藏可执行内存

InfinityHookPro

InfinityHookPro Win7 -> Win11 latest

InstallerFileTakeOver

KaynLdr

KaynLdr is a Reflective Loader written in C/ASM

kdbg-driver-workstation

MobaXterm-Keygen

MobaXterm Keygen Originally by DoubleLabyrinth

mwdb_iocextract

NO_ACCESS_Protection

NtRays

Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.

oof

Convenient, high-performance RGB color and position control for console output

ParallelSyscalls

PowerRemoteDesktop

Remote Desktop entirely coded in PowerShell.

Slavyana

Windows Sandbox Framework

SyscallsExample

Simple project using syscalls (via Syswhispers2) to execute MessageBox shellcode.

sysmon-cheatsheet

All sysmon event types and their fields explained

TaskSched

vmpfix

Universal x86/x64 VMProtect 2.0-3.X Import fixer