Beast code in Giters

xrv3ovl's starred repositories

MemView

Show all mapped memory in a process

Language:C++MIT1500

Windbg-Scripts

100

ZeroHVCI

Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers.

Language:C13300

RpcProxyInvoke

Simple POC library to execute arbitrary calls proxying them via NdrServerCall2 or similar

Language:C++8800

API-To-ETW

Uses ghidra to find all ETW write metadata for each API in a PE file

Language:Java600

nyxstone

Nyxstone: assembly / disassembly library based on LLVM, implemented in C++ with Rust and Python bindings, maintained by emproof.com

Language:C++MIT30100

IDA-Pro-SigMaker

Signature maker plugin for IDA 8.x

Language:C++MIT23400

CodeLabyrinth

LLVM Obfuscation Pass

Language:C++AGPL-3.01000

RIPPL

RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows

MIT200

VehApiResolve

Language:C++MIT9600

ext

C++ Extended Template Library

Language:C++BSD-3-Clause1300

win32-ex

Win32 API Experimental(or Extension) features

Language:C++MIT3700

PeaceMaker

PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware.

Language:C++MIT40900

clang-languageservice

A language service built atop Clang

Language:C++100

v8dbg

Sample WinDbg extension

Language:C++1400

xVMP

Language:C++41000

DLest

Microsoft Windows DLL Export Browser (Enumerate Exports, COM Methods and Properties) with Advanced Search Features.

Language:PascalApache-2.017200

DLLHSC

DLLHSC - DLL Hijack SCanner a tool to assist with the discovery of suitable candidates for DLL Hijacking

Language:C++MIT13700

DynamicWrapperEx

x64 Registration-Free In-Process COM Automation Server.

Language:C++GPL-3.04500

DLLSpy

DLL Hijacking Detection Tool

Language:C++LGPL-3.01100

KernelInjector

PoC kernel to usermode injection

Language:C++4600

PatchaPalooza

A comprehensive tool that provides an insightful analysis of Microsoft's monthly security updates.

Language:Python17300

superfetch

Translate virtual addresses to physical addresses from usermode.

Language:C++MIT1300

swag

Home of the Swag programming language compiler and standard workspace

Language:C++MIT1500

Ollvm18

Language:Makefile800

Obfvious

Language:LLVMApache-2.01300

ClearDriverTraces

clearing traces of a loaded driver

Language:C4500

KDP-compatible-driver-loader

KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys

Language:C11100

Medusa

Radical Windows ARK

Language:C19600

ThreadlessStompingKann

Combining 3 techniques (Threadless Injection + DLL Stomping + Caro-Kann) together to evade MDE.

Language:C3100