A C library that may be linked into a C/C++ program to produce symbolic backtraces

This project aims to compare and evaluate the telemetry of various EDR products.

A method of bypassing EDR's active projection DLL's by preventing entry point exection

Bootkit for Windows Sandbox to disable DSE/PatchGuard.

Evasive shellcode loader for bypassing event-based injection detection (PoC)

TypeDive: Multi-Layer Type Analysis (MLTA) for Refining Indirect-Call Targets

A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

Windows Kernel Drivers fuzzer

PoC for the Untrusted Pointer Dereference in the ks.sys driver

A set of programs for analyzing common vulnerabilities in COM

Access without a real handle

windows-rs shellcode loaders

Driver loader for bypassing Windows x64 Driver Signature Enforcement

Asynchronous Procedure Calls

Dump the memory of a PPL with a userland exploit

driver manual mapper (outdated/for educational purposes)

Kernel-mode Paravirtualization in Ring 2, LLVM based linker, and some other things!

Proof of concept on how to bypass some limitations of a manual mapped driver

PatchGuard Research

Patching and hooking the Linux kernel with only a stripped Linux kernel image.

Recognize cpu instructions in an arbitrary binary file

🎯 Command Injection Payload List

Syringe allows the injection of code from a DLL into a process it started.

Syringe allows the injection of code from a DLL into a process it started.

将shellcode用rsa加密并动态编译exe，自带几种反沙箱技术。