Stars
This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.
Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP server which captures HTTP requests towards selectively chosen domains/IP…
Library that allows you to run 64bit code on a Wow64 32bit process
Helper library for x86 programs that runs under WOW64 layer on x64 versions of Microsoft Windows operating systems.
windows-kernel-exploits: a collection of Windows platform privilege escalation vulnerabilities
windows kernel security development
Volatility plugin for extracts configuration data of known malware
Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.
List of Awesome Advanced Windows Exploitation References
Sysmon configuration file template with default high-quality event tracing
Windows - Weaponizing privileged file writes with the Update Session Orchestrator service
syzkaller is an unsupervised coverage-guided kernel fuzzer
Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups
Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)
Hook system calls, context switches, page faults and more.
puppycodes / Malware-2
Forked from RPISEC/Malware
Course materials for Malware Analysis by RPISEC
A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development
Use this library to automatically extract PE files compressed with aplib from a binary blob.
A curated list of Awesome Threat Intelligence resources
Babel-Shellfish deobfuscates and scans Powershell scripts in real time, right before each line executes.
Hide your Powershell script in plain sight. Bypass all Powershell security features
Import address table (IAT) hooking is a well documented technique for intercepting calls to imported functions.