killF8's repositories
3proxy
3proxy - tiny free proxy server
anycall
x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration
bitcoin
Bitcoin Core integration/staging tree
Blackbone
Windows memory hacking library
hidden
🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes, etc.
r77-rootkit
Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
ReflectiveDLLInjection
Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process.
Divert
WinDivert: Windows Packet Divert
FilelessPELoader
Loading a remote AES-encrypted PE into memory, decrypting it and running it
HyperDeceit
HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability to intercept and manipulate operating system tasks with ease.
InfinityHook
Hook system calls, context switches, page faults and more.
InfinityHookPro
InfinityHookPro Win7 -> Win11 latest
Inline-Execute-PE
Execute unmanaged Windows executables in CobaltStrike Beacons
IRPMon
The goal of the tool is to monitor requests received by selected device objects or kernel drivers. The tool is quite similar to IrpTracker but has several enhancements. It supports 64-bit versions of Windows (no inline hooks are used, only modifications to driver object structures are performed) and monitors IRP, FastIo, AddDevice, DriverUnload an
kdmapper
KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory
miniblink49
A lighter, faster browser kernel of blink to integrate HTML UI in your app. A small, lightweight browser kernel, used to replace wke and libcef
Nidhogg
Nidhogg is an all-in-one simple to use rootkit for red teams.
PrivKit
PrivKit is a simple beacon object file that detects privilege escalation vulnerabilities caused by misconfigurations on Windows OS.
ProcessHacker
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware—mirror of https://github.com/processhacker2/processhacker.git
ReverseSocks5
Reverse Socks5 proxy for windows
RootKits-List-Download
This is the list of all rootkits found so far on github and other sites.
Scylla
Imports Reconstructor
ssrWin
ShadowsocksR (SSR) client for Windows
TitanHide
Hiding kernel-driver for x86/x64.
venom-rootkit
A simple Windows kernel rootkit.
VMProtect-Source
Source of VMProtect (NOT OFFICIALLY)
VX-API
Collection of various malicious functionality to aid in malware development
windowskernelprogrammingbook
The Windows Kernel Programming book samples