xrv3ovl

Advanced-Process-Injection-Workshop

antispy

AntiSpy is a free but powerful anti virus and rootkits toolkit.It offers you the ability with the highest privileges that can detect,analyze and restore various kernel modifications and hooks.With its assistance,you can easily spot and neutralize malwares hidden from normal detectors.

Back2TheFuture

Find patterns of vulnerabilities on Windows in order to find 0-day and write exploits of 1-days. We use Microsoft security updates in order to find the patterns.

BaseSpec

A tool for comparing cellular layer 3 protocol messages between the specification documents and baseband implementations

cpplinks

A categorized list of C++ resources.

CustomShim

Example/starter code for custom Windows application compatibility shims

CVE-2021-1732-Exploit

CVE-2021-1732 Exploit

d-time

This repository contains D-TIME: Distributed Threadless Independent Malware Execution for Runtime Obfuscation.

Daat

a simple intel vt code both support x86 & x64. PatchGuard monitor.

HIGU_ntcall

Extended library for using direct system calls on windows

hygieia

Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver.

idp_hexagon

Hexagon processor module for IDA Pro disassembler

kernel_training

lotus

Kernel-mode driver for Windows that performs memory functions. Made for learning windows internals/reverse engineering

manual-syscall-detect

A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.

MINT

Contains the definitions for the Windows Internal UserMode API from ntdll.dll, samlib.dll and winsta.dll.

Nt-Modules

Collect different versions of Crucial modules.

ShannonFirmware

Samples of Shannon baseband firmware for research purposes.

SimpleWhpDemo

Simple Demo of using Windows Hypervisor Platform

ssde

SSDE is a collection of utilities that help in having Windows load your custom signed kernel drivers when Secure Boot is on and you own the system's platform key, instead of using test mode.

T.D.P

Using Thread Description To Hide Shellcode

TartarusGate

TartarusGate, Bypassing EDRs

TheSubZeroProject

A multi-staged malware that contains a kernel mode rootkit and a remote system shell.

USBlocker

Disable any USB Mass Storage device from kmode using a pnp filter driver

VC-LTL

Shared to msvcrt.dll and optimize the C/C++ application file size.

vmware-rpc-tools

Communication sniff tools both host and guest

Windows-Research-Kernel-Hacking

Operating Systems technical challenge based on the Windows Research Kernel

WindowsDllsExport

A list of all the DLLs export in C:\windows\system32\

YY-Thunks

Fix DecodePointer, EncodePointer,RegDeleteKeyEx etc. APIs not found in Windows XP RTM.

zines