vatsalmasrani's repositories
Windows-Internals
all the fun stuff that windows has to offer
1earn
A personally maintained security knowledge framework; contents include, but are not limited to, web security, industrial control system security, forensics, incident response, blue-team infrastructure deployment, post-exploitation, Linux security, and write-ups for various practice target machines.
BookCode
Source code for my books
bypassUAC
BypassUAC based on registry hijacking
ByteDance-HIDS
ByteDance-HIDS is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture.
CobaltStrike
CobaltStrike's source code
CVE-2020-0787-EXP-ALL-WINDOWS-VERSION
Support ALL Windows Version
CVE-2020-16938
Bypassing NTFS permissions to read any files as unprivileged user.
CVE-2020-16947
PoC of CVE-2020-16947 (Microsoft Outlook RCE vulnerability)
donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
EC_PRO-LAN
Early 2019 - late 2020. R.I.P. CVE-2020-12928 https://h0mbre.github.io/RyzenMaster_CVE/#
execute-shellcode-pgext
Postgres Extension to Execute Shellcodes
Il2CppDumper
Unity il2cpp reverse engineer
Kernelhub
A collection of Windows privilege escalation vulnerabilities, with build environments, demo GIFs, detailed vulnerability information, and executables
ListRDPConnections
C# tool that reads the local host's outbound RDP connection records and the records of other hosts connecting to this host, in order to discover more reachable internal network segments during internal network penetration testing and to locate the workstations of operations and administration staff
malware_training_vol1
Materials for Windows Malware Analysis training (volume 1)
masqueradeCmdline
A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR.
MemScanner
Analyze Windows x64 Kernel Memory Layout
NtCompareSigningLevel-hook
Swap the function pointer in NtCompareSigningLevels for undetected driver communication.
PCIBan
A PoC for requesting HWIDs directly from hardware, skipping any potential hooks or OS support.
redteam_vul
A compilation of vulnerabilities in key systems that are commonly encountered in red-team operations.
Shell_Protect
One-click VM packing/unpacking, full compression, anti-debugging, etc.
shellcodeloader
shellcodeloader
solorigate_sample_source
Decompile of the SolarWinds "SUNBURST" Trojan associated with campaign UNC2452. This is the SolarWinds.Orion.Core.BusinessLayer.dll file from the v2019.4.5220-Hotfix5.msp patch.
umap
UEFI bootkit for driver manual mapping
Win_Rootkit
A kernel-mode rootkit with remote control
Windows-classic-samples
This repo contains samples that demonstrate the API used in Windows classic desktop applications.