zmkeh's repositories
ADPT
DLL proxying for lazy people
CVE-2024-21338
Local privilege escalation from Admin to Kernel on Windows 10 and Windows 11 with HVCI enabled.
CVE-2024-26229
CWE-781: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
DllMainHijacking
Resolves the hang that occurs when the DllMain function of a side-loaded ("white + black", i.e. signed loader plus malicious DLL) DLL calls shellcode.
EDRSilencer
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to their server.
FileHide
filter driver to hide files and directories
firewall-bypass
Download data from the internet bypassing the firewall using process injection
fuzzable
Framework for Automating Fuzzable Target Discovery with Static Analysis. Featured at Black Hat Arsenal USA 2022.
havoc-PoolParty
Windows Thread Pool Injection Havoc Implementation
illusion-rs
Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)
ioctlance
A tool for hunting vulnerabilities in x64 WDM drivers
lsa-whisperer
Tools for interacting with authentication packages using their individual message protocols
Malware-Knowledge-Graph
Create malware knowledge graphs from analysis reports
merlin
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
msFuzz
A fuzzer targeting Windows kernel drivers
nysm
nysm is a stealth post-exploitation container.
obfuscator
PE bin2bin obfuscator
OSEP_C-code
OSEP study notes: code
RealBlindingEDR
Removes AV/EDR kernel callbacks: ObRegisterCallbacks, CmRegisterCallback, MiniFilter callbacks, PsSetCreateProcessNotifyRoutine, PsSetCreateThreadNotifyRoutine, PsSetLoadImageNotifyRoutine, ...
research
General research for Dreadnode
SearchAvailableExe
Searches for exploitable "white" files (legitimately signed binaries usable for DLL side-loading)
simplewall
Simple tool to configure the Windows Filtering Platform (WFP), which controls network activity on your computer.
unKover
PoC Anti-Rootkit to uncover Windows Drivers/Rootkits mapped to Kernel Memory.
VakScript
Spaceglider for League of Legends.
windows-rootkit
Windows rootkit
winsos-poc
A PoC demonstrating code execution via DLL Side-Loading in WinSxS binaries.