SWaNk's repositories
RansomWatch
Ransomware detection application for Windows using Windows Minifilter driver
C2ReverseProxy
A tool for reverse proxying and CS (Cobalt Strike) beacon check-in in environments with no outbound network access
goWMIExec
Really stupid re-implementation of invoke-wmiexec
CiDllDemo
Use ci.dll API for validating Authenticode signature of files
CVE-2018-19320
Exploiting ring0 memcpy-like functionality to disable Driver Signing Enforcement (DSE)
DarkLoadLibrary
LoadLibrary for offensive operations
file-system-filter
Windows file system filter driver - illustration of the technology
FSDefender
Technion CS Ransomware Project: Writing Windows Mini-Filter Driver to protect PC from Ransomware
hidden
🇺🇦 Windows driver with a usermode interface that can hide processes, file-system and registry objects, protect processes, etc.
HideDriver
The previous one was the 7600 version and was a hassle to build every time. This is an updated one that builds directly in VS2017.
injdrv
proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC
Kernelmode-manual-mapping-through-IAT
Manual mapping without creating any threads, using RW-only access
LazyCopy
NTFS minifilter driver that downloads a file's content from a remote location when the file is opened for the first time.
netspy
netspy is a tool for quickly probing reachable internal network segments (powered by Sangfor's Deep Blue Lab Tianwei team)
OffensiveVBA
This repo covers some code execution and AV Evasion methods for Macros in Office documents
PELoader
PE loader with various shellcode injection techniques
PPLdump
Dump the memory of a PPL with a userland exploit
PPLRunner
Run Processes as PPL with ELAM
Prevent_File_Deletion
Record & prevent file deletion in kernel mode
procfilter
A YARA-integrated process denial framework for Windows
Screwed-Drivers
"Screwed Drivers" centralized information source for code references, links, etc.
stats
A well tested and comprehensive Golang statistics library package with no dependencies.
T.D.P.
Using Thread Description To Hide Shellcodes
TheSubZeroProject
A multi-staged malware that contains a kernel mode rootkit and a remote system shell.
VMProtect-devirtualization
Playing with the VMProtect software protection. Automatic deobfuscation of pure functions using symbolic execution and LLVM.