Kshom's repositories
Hades-Windows
Purity toolsHades A HIDS is designed run on Windows
artifacts-kit
Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windows OS.
Callback_Shellcode_Injection
POCs for Shellcode Injection via Callbacks
CobaltStrike
CobaltStrike's source code
CVE-2020-0787-EXP-ALL-WINDOWS-VERSION
Support ALL Windows Version
CVE-2020-0796-POC
CVE-2020-0796 Pre-Auth POC
deflat
use angr to deobfuscation
dnlib
Reads and writes .NET assemblies and modules
doh-proxy
A proof of concept DNS-Over-HTTPS proxy implementing https://datatracker.ietf.org/doc/draft-ietf-doh-dns-over-https/
ExecuteAssembly
Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS headers, Unlinking .NET related modules, bypassing ETW+AMSI, avoiding EDR hooks via NT static syscalls (x64) and hiding imports by dynamically resolving APIs (hash).
exphub
Exphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat的漏洞利用脚本,均为亲测可用的脚本文件,优先更新高危且易利用的漏洞利用脚本,最近添加CVE-2020-1938、CVE-2020-2551、CVE-2019-2618、CVE-2019-6340
FLIRTDB
A community driven collection of IDA FLIRT signature files
hypervisor_research_notes
Some hypervisor research notes. There is also a useful exploit template that you can use to verify / falsify any assumptions you may make while auditing code, and for exploit development.
jpexs-decompiler
JPEXS Free Flash Decompiler
KasperskyHook
Hook system calls on Windows by using Kaspersky's hypervisor
mdn
Meta repository that governs the MDN GitHub organization
MemoryModulePP
modify from memorymodule. support exception
msdn-code-gallery-microsoft
Samples from Microsoft teams for the MSDN Code Gallery
OpenArk
OpenArk is a open source anti-rookit(ARK) tool on Windows.
phantom-dll-hollower-poc
Phantom DLL hollowing PoC
RunPE-In-Memory
Run a Exe File (PE Module) in memory (like an Application Loader)
ShellCodeFramework
绕3环的shellcode免杀框架
ssl_logger
Decrypts and logs a process's SSL traffic.
VMProtect-Source
Source of VMProtect (NOT OFFICIALLY)
win32
Public mirror for win32-pr
Windows-classic-samples
This repo contains samples that demonstrate the API used in Windows classic desktop applications.
Windows-driver-samples
This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.