xitan's starred repositories
Direct-Syscalls-vs-Indirect-Syscalls
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls.
InviZzzible
InviZzzible is a tool for assessment of your virtual environments in an easy and reliable way. It contains the most recent and up-to-date detection and evasion techniques as well as fixes for them.
tpm-spoofer
Simple proof of concept kernel mode driver hooking tpm.sys dispatch to randomize any public key reads
FireDBG.for.Rust
🔥 Time Travel Visual Debugger for Rust
obfuscator
PE bin2bin obfuscator
rust-cpuid
cpuid library in Rust.
showstopper
ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods.
guardian-rs
x86-64 code/pe virtualizer
DirectPageManipulation
A basic demonstration of directly overwriting paging structures for physical memory r/w and interprocess memory copy
OffensivePH
OffensivePH - use old Process Hacker driver to bypass several user-mode access controls
shadow_syscall
Convenient use of syscalls with a single line and a comfort wrapper, unfriendly for reverse engineers
process_doppelganging
My implementation of enSilo's Process Doppelganging (PE injection technique)
theodosius
Small OBJ/Archive Obfuscation framework