xrv3ovl's repositories
Nidhogg
Nidhogg is an all-in-one simple to use rootkit for red teams.
RealBlindingEDR
Remove AV/EDR Kernel ObRegisterCallbacks, CmRegisterCallback, MiniFilter Callback, PsSetCreateProcessNotifyRoutine Callback, PsSetCreateThreadNotifyRoutine Callback, PsSetLoadImageNotifyRoutine Callback...
rtypes
A simple but useful project that may help you reverse Windows.
acdrv
base for testing
KernelInjector
PoC of kernel-to-usermode injection
Mile.Project.Windows
Configuration template for simplifying the definition of Visual Studio (MSBuild) C++ projects.
EAC-CR3-BYPASS
A simple UM + KM example of how to bypass EAC CR3
VanguardTrace
Decrypting and intercepting encrypted imports of Vanguard's Kernel Driver
Medusa
Radical Windows ARK
DrvMon
A tool for monitoring kernel API calls made by Windows drivers
MinifilterHook
Silence file system monitoring components by hooking their minifilters
micore
It is mainly the implementation of user-level functions in the kernel on the Windows platform.
Stardust
A modern 64-bit position independent implant template
win-reverse
ntos shit
llvm-yx-callobfuscator
LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
AtlasLdr
Reflective x64 PE/DLL Loader implemented using Dynamic Indirect Syscalls
openedr
Open EDR public repository
shadow_syscall
Convenient use of syscalls with a single line and a comfortable wrapper; unfriendly to reverse engineers
ThreadlessStompingKann
Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.
maldoca
Malicious Microsoft Office document analyzer
msFuzz
Fuzzer targeting Windows kernel drivers
smartvmi
Virtual Machine Introspection (VMI) for memory forensics and machine learning.
Windows-Internals
Learnings about Windows internals