moodsdada's repositories
awesome-malware-analysis
Defund the Police.
bochspwn
A Bochs-based instrumentation project designed to log kernel memory references, to identify "double fetches" and other OS vulnerabilities
capstone
Capstone disassembly/disassembler framework: Core (Arm, Arm64, BPF, EVM, M68K, M680X, MOS65xx, Mips, PPC, RISCV, Sparc, SystemZ, TMS320C64x, Web Assembly, X86, X86_64, XCore) + bindings.
CiDllDemo
Uses the ci.dll API to validate the Authenticode signature of files
CPlusPlusThings
Things about C++ (C++那些事)
cuckoo
Cuckoo Sandbox is an automated dynamic malware analysis system
defcon_27_windbg_workshop
DEFCON 27 workshop - Modern Debugging with WinDbg Preview
Detours
Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
dxx
Windows Kernel Driver with C++ runtime
fucking-algorithm
Step-by-step walkthroughs of LeetCode problems that expose the patterns behind every kind of algorithm. English version supported! Crack LeetCode, not only how, but also why.
ghidra
Ghidra is a software reverse engineering (SRE) framework
hidden
Windows driver with a usermode interface that can hide file-system and registry objects, protect processes, etc.
Hypervisor-From-Scratch
Source code for the multi-part Hypervisor From Scratch tutorial series. Available at:
InfinityHook
Hook system calls, context switches, page faults and more.
interview_internal_reference
The latest 2019 compilation of technical interview questions from Alibaba, Tencent, Baidu, Meituan, ByteDance (Toutiao) and others, with answers and analysis from expert question setters.
metasploit-framework
Metasploit Framework
NoMercy
Open source anti cheat
OpenArk
OpenArk is an open source anti-rootkit (ARK) tool for Windows.
PeaceMaker
PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware.
PerfMon
first commit
processhacker
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
Shark
Turns off PatchGuard in real time on Windows 7 (build 7600) through Windows 10 (build 18362).
ShellCodeFrame
A shellcode generation framework written in pure C/C++.
SKREAM
SentinelOne's KeRnel Exploits Advanced Mitigations
unicorn_pe
Unicorn PE is a Unicorn-based instrumentation project designed to emulate code execution for Windows PE files.
windbgtree
A command tree based on commands and extensions for Windows Kernel Debugging.
Windows-driver-samples
This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.
windows-syscalls
Windows System Call Tables (NT/2000/XP/2003/Vista/2008/7/2012/8/10)
WinObjEx64
Windows Object Explorer 64-bit
yara
The pattern-matching Swiss Army knife