zmkeh's repositories
LOLDrivers
Living Off The Land Drivers
2D-Injector
Hiding unsigned DLL inside a signed DLL
Blindside
Utilizing hardware breakpoints to evade monitoring by Endpoint Detection and Response platforms
CaveCarver
CaveCarver - PE backdooring tool which utilizes and automates code cave technique
cursor
An editor made for programming with AI 🤖
Defender_Exclusions-BOF
A BOF to determine Windows Defender exclusions.
dogxss
dogxss(基于Go-admin框架和ezxss_payload完成):ezxss的Golang版本.
Driver-Kernel
simple driver project I made, it's ud on most of today's games
DriverBuddyReloaded
Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks
gpt4all
gpt4all: a chatbot trained on a massive collection of clean assistant data including code, stories and dialogue
Havoc
The Havoc Framework
linuxKernelRoot
新一代root,跟面具完全不同思路,摆脱面具被检测的弱点,完美隐藏root功能,挑战全网root检测手段,兼容安卓APP直接JNI调用,稳定、流畅、不闪退。
MemFiles
A CobaltStrike toolkit to write files produced by Beacon to memory instead of disk
MISP
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
ntdlll-unhooking-collection
different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)
packer-tutorial
A tutorial on how to write a packer for Windows!
peft
🤗 PEFT: State-of-the-art Parameter-Efficient Fine-Tuning.
PsNotifRoutineUnloader
This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCreateThreadNotifyRoutine from ESET Security to bypass the driver detection
sharem
SHAREM is a shellcode analysis framework, capable of emulating more than 12,000 WinAPIs and virutally all Windows syscalls. It also contains its own custom disassembler, with many innovative features, such as being able to show the deobfuscated disassembly of an encoded shellcode, or integrating emulation data to enhance the disassembly.
ThreadlessInject-BOF
BOF implementation of @_EthicalChaos_'s ThreadlessInject project. A novel process injection technique with no thread creation, released at BSides Cymru 2023.
transformers
🤗 Transformers: State-of-the-art Machine Learning for Pytorch, TensorFlow, and JAX.
VMProtect-Source
Source of VMProtect (NOT OFFICIALLY)
WinArk
Windows Anti-Rootkit Tool
windows-internals
My notes while studying Windows internals
WindowSpy
WindowSpy is a Cobalt Strike Beacon Object File meant for targeted user surveillance. 自动截图
zeroimport
ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel driver by importing at runtime.
zmkeh.github.io
Hacker is a Jekyll theme for GitHub Pages