꿀보's repositories
BugChecker
SoftICE-like kernel debugger for Windows 11
ADPT
DLL proxying for lazy people
AsmHalosGate
x64 Assembly HalosGate direct System Caller to evade EDR UserLand hooks
AtomPePacker
A highly capable PE packer
concealed_code_execution
Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows
CustomProcessingUnit
The first dynamic analysis framework for CPU microcode
DarkWidow
Indirect dynamic syscall, SSN + syscall address sorting via a modified TartarusGate approach + remote process injection via APC Early Bird + spawns a sacrificial process as the target process + (ACG+BlockDll) mitigation policy on the spawned process + PPID spoofing + API resolving from the TIB + API hashing
DotDumper
An automatic unpacker and logger for DotNet Framework targeting files
eagle-rs
Rusty Rootkit: Windows Kernel Driver in Rust for Red Teamers
Gepetto
IDA plugin which queries OpenAI's davinci-003 language model to speed up reverse-engineering
go-secdump
Tool to remotely dump secrets from the Windows registry
ida_bochs_windows
Helper script for Windows kernel debugging with IDA Pro on native Bochs debugger (including PDB symbols)
KDU
Kernel Driver Utility
linjector-rs
Code injection on Android without ptrace
MalwareApiLibrary
Collection of APIs used in malware development
Mangle
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs
NoScreen
Hiding the window from screenshots using the function win32kfull::GreProtectSpriteContent
ntoskrnl_file_collection
Collect various versions of ntoskrnl files
Offensive-OSINT-Tools
OffSec OSINT Pentest/RedTeam Tools
portaudio
PortAudio is a cross-platform, open-source C language library for real-time audio input and output.
VmwareHardenedLoader
VMware hardened VM detection mitigation loader (anti anti-VM)
Windows-Kernel-Explorer
A free but powerful Windows kernel research tool
Yumekage
Demo proof of concept for shadow regions, and implementation of HyperDeceit.