├── _config.yml
├── EN.jpg
├── Screenshot_1.png
├── Useful_tips.jpg
├── ENwVohqXsAAmwl3.jfif
├── ERmnJklXsAIQUZG.jfif
├── red_team_adversarial_attack_simulation_exercises_guidelines_v1.pdf
└── README.md

/_config.yml:
--------------------------------------------------------------------------------
theme: jekyll-theme-hacker
--------------------------------------------------------------------------------
/EN.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ondrik8/exploit/HEAD/EN.jpg
--------------------------------------------------------------------------------
/Screenshot_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ondrik8/exploit/HEAD/Screenshot_1.png
--------------------------------------------------------------------------------
/Useful_tips.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ondrik8/exploit/HEAD/Useful_tips.jpg
--------------------------------------------------------------------------------
/ENwVohqXsAAmwl3.jfif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ondrik8/exploit/HEAD/ENwVohqXsAAmwl3.jfif
--------------------------------------------------------------------------------
/ERmnJklXsAIQUZG.jfif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ondrik8/exploit/HEAD/ERmnJklXsAIQUZG.jfif
--------------------------------------------------------------------------------
/red_team_adversarial_attack_simulation_exercises_guidelines_v1.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Ondrik8/exploit/HEAD/red_team_adversarial_attack_simulation_exercises_guidelines_v1.pdf
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
## Exploit

#### Advanced Windows exploit development resources

#### Really important resources

- [terminus project](http://terminus.rewolf.pl/terminus/)
- [React OS Win32k](https://reactos.org/wiki/Techwiki:Win32k)
- [Geoff Chappell - Kernel-Mode Windows](https://www.geoffchappell.com/studies/windows/km/index.htm)
- [HEVD Vulnerable driver](https://github.com/hacksysteam/HackSysExtremeVulnerableDriver)
- [FLARE Kernel Shellcode Loader](https://github.com/fireeye/flare-kscldr)
- [Vergilius - Undocumented kernel structures](https://www.vergiliusproject.com/)
- [Windows X86-64 System Call Table](https://j00ru.vexillium.org/syscalls/nt/64/)
- [Vulnerable Driver Megathread](https://www.unknowncheats.me/forum/anti-cheat-bypass/334557-vulnerable-driver-megathread.html)

## Windows Rootkits

**Talks / video recordings**

- [11 part playlist - Rootkits: What they are, and how to find them](https://www.youtube.com/watch?v=ewNo_poX7bA&list=PLF58FB7BCB20ED11A)
- [Hooking Nirvana](https://www.youtube.com/watch?v=pHyWyH804xE)
- [Alex Ionescu - Advancing the State of UEFI Bootkits](https://www.youtube.com/watch?v=dpG97TBR3Ys)
- [BlueHat v18 || Return of the kernel rootkit malware (on windows 10)](https://youtu.be/qVIxFfXpyNc)
- [Numchecker: A System Approach for Kernel Rootkit Detection](https://www.youtube.com/watch?v=TgMsMwsfoQ0)
- [DEF CON 26 - Ring 0 Ring 2 Rootkits Bypassing Defenses](https://www.youtube.com/watch?v=7AEMxaZhdLU)
- [Black Hat Windows 2001 - Kernel Mode Rootkits](https://www.youtube.com/watch?v=99Znv6tgYS0)
- [Black Hat Windows 2004 - DKOM (Direct Kernel Object Manipulation)](https://www.youtube.com/watch?v=1Ie20b5IGgY)
- [RTFM SigSegv1 - From corrupted memory dump to rootkit detection](https://www.youtube.com/watch?v=hlhM_q3ZHfQ)

**Articles / papers**

- [Dissecting Turla Rootkit Malware Using Dynamic Analysis](https://www.lastline.com/labsblog/dissecting-turla-rootkit-malware-using-dynamic-analysis/)
- [A quick insight into the Driver Signature Enforcement](https://j00ru.vexillium.org/2010/06/insight-into-the-driver-signature-enforcement/)
- [WINDOWS DRIVER SIGNING BYPASS BY DERUSBI](http://www.sekoia.fr/blog/windows-driver-signing-bypass-by-derusbi/)
- [A Basic Windows DKOM Rootkit](https://blog.landhb.dev/posts/v9eRa/a-basic-windows-dkom-rootkit-pt-1/)

## Advanced Windows debugging

**Talks / video recordings**

- [Hacking Livestream #28: Windows Kernel Debugging Part I](https://www.youtube.com/watch?v=s5gOW-N9AAo)
- [Hacking Livestream #29: Windows Kernel Debugging Part II](https://www.youtube.com/watch?v=4Xo_FAx6P0A)
- [Hacking Livestream #30: Windows Kernel Debugging Part III](https://www.youtube.com/watch?v=7zTtVYjjquA)
- [WinDbg Basics for Malware Analysis](https://www.youtube.com/watch?v=QuFJpH3My7A)
- [Windows Debugging and Troubleshooting](https://www.youtube.com/watch?v=2rGS5fYGtJ4)
- [CNIT 126 10: Kernel Debugging with WinDbg](https://www.youtube.com/watch?v=8sVZsxoCpSc)
- [Windows Kernel Debugging Part I](https://www.youtube.com/watch?v=s5gOW-N9AAo)

**Articles / papers**

- [Getting Started with WinDbg - kernel mode](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/getting-started-with-windbg--kernel-mode-)

## Windows kernel mitigations

**Talks / video recordings**

- [BlueHat v18 || Hardening hyper-v through offensive security research](https://www.youtube.com/watch?v=8RCH0vFxWT4)
- [BYPASS CONTROL FLOW GUARD COMPREHENSIVELY - this is CFG, not kCFG](https://www.blackhat.com/docs/us-15/materials/us-15-Zhang-Bypass-Control-Flow-Guard-Comprehensively-wp.pdf)
- [BlueHat v18 || Mitigation Bypass: The Past, Present, and Future](https://www.youtube.com/watch?v=WsoFmN3oDw8)
- [Windows Offender: Reverse Engineering Windows Defender's Antivirus Emulator](https://www.youtube.com/watch?v=LvW68czaEGs)
- [Windows 10 Mitigation Improvements (really good talk)](https://www.youtube.com/watch?v=gCu2GQd0GSE)
- [Overview of Windows 10 Requirements for TPM, HVCI and SecureBoot](https://www.youtube.com/watch?v=v149T7p4XLA)
- [Examining the Guardians of Windows 10 Security - Chuanda Ding](https://www.youtube.com/watch?v=a0AB76YNMlQ)
- [Analysis of the Attack Surface of Windows 10 Virtualization-Based Security](https://www.youtube.com/watch?v=_646Gmr_uo0)
- [A Dive in to Hyper-V Architecture & Vulnerabilities](https://www.youtube.com/watch?v=2bK_rC81_Eo)
- [the last kaslr leak](https://www.youtube.com/watch?v=PTnuwchEci0)
- [BlueHat v18 || A mitigation for kernel toctou vulnerabilities](https://www.youtube.com/watch?v=YGkhK55jitE)
- [REcon 2013 - I got 99 problems but a kernel pointer ain't one](https://www.youtube.com/watch?v=5HbmpPBKVFg)
- [SMEP: What is it, and how to beat it on Windows](https://j00ru.vexillium.org/2011/06/smep-what-is-it-and-how-to-beat-it-on-windows/)
- [BlueHat IL 2020 - David Weston - Keeping Windows Secure](https://www.youtube.com/watch?v=NlfZG2wTPZU)
- [Advancing Windows Security — David Weston](https://www.youtube.com/watch?v=FJnGA4XRaq4)
- [OffensiveCon18 - The Evolution of CFI Attacks and Defenses](https://www.youtube.com/watch?v=oOqpl-2rMTw)

**Articles / papers**

**General mitigation papers**

- [Hardening Windows 10 with zero-day exploit mitigations](https://www.microsoft.com/security/blog/2017/01/13/hardening-windows-10-with-zero-day-exploit-mitigations/)
- [TAKING WINDOWS 10 KERNEL EXPLOITATION TO THE NEXT LEVEL](https://www.blackhat.com/docs/us-17/wednesday/us-17-Schenk-Taking-Windows-10-Kernel-Exploitation-To-The-Next-Level%E2%80%93Leveraging-Write-What-Where-Vulnerabilities-In-Creators-Update-wp.pdf)

**kASLR**

- [KASLR Bypass Mitigations in Windows 8.1](https://www.crowdstrike.com/blog/kaslr-bypass-mitigations-windows-81/)
- [Development of a new Windows 10 KASLR bypass - in one WinDbg command](https://www.offensive-security.com/vulndev/development-of-a-new-windows-10-kaslr-bypass-in-one-windbg-command/)

**SMEP**

- [Bypassing Intel SMEP on Windows 8 x64 Using Return-oriented Programming](http://blog.ptsecurity.com/2012/09/bypassing-intel-smep-on-windows-8-x64.html)
- [Return Oriented Programming Tutorial](https://rstforums.com/forum/topic/106553-rop-for-smep-bypass/)
- [Stack Buffer Overflow (SMEP Bypass)](https://www.abatchy.com/2018/01/kernel-exploitation-4)
- [Windows 10 x64 and Bypassing SMEP](https://connormcgarr.github.io/x64-Kernel-Shellcode-Revisited-and-SMEP-Bypass/)
- [SMEP: What is it, and how to beat it on Windows](https://j00ru.vexillium.org/2011/06/smep-what-is-it-and-how-to-beat-it-on-windows/)

**CET**

- [Security Analysis of Processor Instruction Set Architecture for Enforcing Control-Flow Integrity](https://dl.acm.org/doi/pdf/10.1145/3337167.3337175)
- [A Technical Look at Intel's Control-flow Enforcement Technology](https://software.intel.com/content/www/us/en/develop/articles/technical-look-control-flow-enforcement-technology.html)
- [Control-flow Enforcement Technology Specification](https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf)
- [Intel CET Answers Call to Protect Against Common Malware Threats](https://newsroom.intel.com/editorials/intel-cet-answers-call-protect-common-malware-threats/)
- [R.I.P ROP: CET Internals in Windows 20H1](https://windows-internals.com/cet-on-windows/)

## Windows kernel shellcode

**Articles / papers**

- [Loading Kernel Shellcode](https://www.fireeye.com/blog/threat-research/2018/04/loading-kernel-shellcode.html)
- [Windows Kernel Shellcodes - a compendium](https://www.matteomalvica.com/blog/2019/07/06/windows-kernel-shellcode/)
- [Windows Kernel Shellcode on Windows 10 – Part 1](https://improsec.com/tech-blog/windows-kernel-shellcode-on-windows-10-part-1)
- [Windows Kernel Shellcode on Windows 10 – Part 2](https://improsec.com/tech-blog/windows-kernel-shellcode-on-windows-10-part-2)
- [Windows Kernel Shellcode on Windows 10 – Part 3](https://improsec.com/tech-blog/windows-kernel-shellcode-on-windows-10-part-3)
- [Panic! At The Kernel - Token Stealing Payloads Revisited on Windows 10 x64 and Bypassing SMEP](https://connormcgarr.github.io/x64-Kernel-Shellcode-Revisited-and-SMEP-Bypass/)
- [Token Abuse for Privilege Escalation in Kernel](https://ired.team/miscellaneous-reversing-forensics/windows-kernel/how-kernel-exploits-abuse-tokens-for-privilege-escalation)
- [Introduction to Shellcode Development](https://owasp.org/www-pdf-archive/Introduction_to_shellcode_development.pdf)
- [Introduction to Windows shellcode development – Part 1](https://securitycafe.ro/2015/10/30/introduction-to-windows-shellcode-development-part1/)

## Windows kernel exploitation

**Talks / video recordings**

- [Ilja van Sprundel: Windows drivers attack surface](https://www.youtube.com/watch?v=qk-OI8Z-1To)
- [REcon 2015 - This Time Font hunt you down in 4 bytes](https://www.youtube.com/watch?v=uvy5BF1Nlio)
- [Exploiting a Windows 10 PagedPool off-by-one overflow (WCTF 2018)](https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/)
- [Windows kernel exploitation techniques - Adrien Garin - LSE Week 2016](https://www.youtube.com/watch?v=f8hTwFpRphU)
- [Hackingz Ze Komputerz - Exploiting CAPCOM.SYS - Part 1](https://www.youtube.com/watch?v=pJZjWXxUEl4)
- [Hackingz Ze Komputerz - Exploiting CAPCOM.SYS - Part 2](https://www.youtube.com/watch?v=UGWqq5kTiso)
- [The 3 Way06 Practical Windows Kernel Exploitation](https://www.youtube.com/watch?v=hUCmV7uT29I)
- [Reverse Engineering and Bug Hunting on KMDF Drivers](https://www.youtube.com/watch?v=puNkbSTQtXY)
- [Binary Exploit Mitigation and Bypass History - not just kernel](https://vimeo.com/379935124)
- [Morten Schenk - Taking Windows 10 Kernel Exploitation to the next level](https://www.youtube.com/watch?v=Gu_5kkErQ6Y)
- [REcon 2015 - Reverse Engineering Windows AFD.sys](https://www.youtube.com/watch?v=2sPNUpfTJ5A)
- [Windows Kernel Graphics Driver Attack Surface](https://www.youtube.com/watch?v=uzPTyXQ1Oys)
- [Understanding TOCTTOU in the Windows Kernel Font Scaler Engine](https://www.youtube.com/watch?v=61K3kqTRbzU)
- [Black Hat USA 2013 - Smashing The Font Scaler Engine in Windows Kernel](https://www.youtube.com/watch?v=efgoislKd8Q)

**Articles / papers**

- [BlueKeep: A Journey from DoS to RCE (CVE-2019-0708)](https://www.malwaretech.com/2019/09/bluekeep-a-journey-from-dos-to-rce-cve-2019-0708.html)
- [Windows Drivers are True'ly Tricky](https://googleprojectzero.blogspot.com/2015/10/windows-drivers-are-truely-tricky.html)
- [Taking apart a double zero-day sample discovered in joint hunt with ESET](https://www.microsoft.com/security/blog/2018/07/02/taking-apart-a-double-zero-day-sample-discovered-in-joint-hunt-with-eset/)
- [Sharks in the Pool :: Mixed Object Exploitation in the Windows Kernel Pool](https://srcincite.io/blog/2017/09/06/sharks-in-the-pool-mixed-object-exploitation-in-the-windows-kernel-pool.html)
- [Kernel Pool Overflow Exploitation in Real World: Windows 10](https://www.gatewatcher.com/en/news/blog/kernel-pool-overflow-exploitation-in-real-world-windows-10)
- [Kernel Pool Overflow Exploitation in Real World - Windows 7](https://www.gatewatcher.com/en/news/blog/kernel-pool-overflow-exploitation-in-real-world-windows-7)
- [Kernel Pool Exploitation on Windows 7](https://www.exploit-db.com/docs/english/16032-kernel-pool-exploitation-on-windows-7.pdf)
- [Easy local Windows Kernel exploitation](https://media.blackhat.com/bh-us-12/Briefings/Cerrudo/BH_US_12_Cerrudo_Windows_Kernel_WP.pdf)
- [Exploiting CVE-2014-4113](https://labs.f-secure.com/assets/BlogFiles/mwri-lab-exploiting-cve-2014-4113.pdf)
- [Pwn2Own 2014 - AFD.sys Dangling Pointer Vulnerability](https://www.siberas.de/papers/Pwn2Own_2014_AFD.sys_privilege_escalation.pdf)
- [Symantec Endpoint Protection 0day](https://www.offensive-security.com/vulndev/symantec-endpoint-protection-0day/)
- [Analysing the NULL SecurityDescriptor kernel exploitation mitigation in the latest Windows 10 v1607 Build 14393](https://labs.nettitude.com/blog/analysing-the-null-securitydescriptor-kernel-exploitation-mitigation-in-the-latest-windows-10-v1607-build-14393/)
- [nt!_SEP_TOKEN_PRIVILEGES - Single Write EoP Protect](https://www.exploit-db.com/docs/english/41924-nt!_sep_token_privileges---single-write-eop-protect.pdf)

## Windows kernel GDI exploitation

**Talks / video recordings**

- [Abusing GDI for ring0 exploit primitives Evolution](https://www.youtube.com/watch?v=ruuVkTuNUSc)
- [Demystifying Windows Kernel Exploitation by Abusing GDI Objects](https://www.youtube.com/watch?v=2chDv_wTymc)
- [CommSec D1 - The Life & Death of Kernel Object Abuse](https://www.youtube.com/watch?v=_u7d9kLdi0c)
- [Kernel Object Abuse by Type Isolation](https://www.youtube.com/watch?v=kOV-Y9HcJWM)

**Articles / papers**

- [Zero-day exploit (CVE-2018-8453) used in targeted attacks](https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/)
- [The zero-day exploits of Operation WizardOpium](https://securelist.com/the-zero-day-exploits-of-operation-wizardopium/97086/)
- [Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium](https://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95432/)
- [Abusing GDI Objects for ring0 Primitives Revolution](https://sensepost.com/blog/2017/abusing-gdi-objects-for-ring0-primitives-revolution/)
- [Abusing GDI for ring0 exploit primitives (Core Labs)](https://www.coresecurity.com/core-labs/articles/abusing-gdi-for-ring0-exploit-primitives)
- [A Tale Of Bitmaps: Leaking GDI Objects Post Windows 10 Anniversary Edition](https://labs.f-secure.com/archive/a-tale-of-bitmaps/)
- [CSW2017 Peng qiu shefang zhong win32k dark_composition](https://www.slideshare.net/CanSecWest/csw2017-peng-qiushefangzhong-win32k-darkcompositionfinnalfinnalrmmark)
- [Kernel Exploitation -> GDI Bitmap Abuse (Win7-10 32/64bit)](https://www.fuzzysecurity.com/tutorials/expDev/21.html)

## Windows kernel Win32k.sys research

**Talks / video recordings**

- [BlackHat 2011 - Kernel Attacks Through User-Mode Callbacks](https://www.youtube.com/watch?v=EkGDSqpfzgg)

**Articles / papers**

- [TFW you-get-really-excited-you-patch-diffed-a-0day-used-in-the-wild-but-then-find-out-it-is-the-wrong-vuln](https://googleprojectzero.blogspot.com/2020/04/tfw-you-get-really-excited-you-patch.html)
- [One Bit To Rule A System: Analyzing CVE-2016-7255 Exploit In The Wild](https://blog.trendmicro.com/trendlabs-security-intelligence/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild/)
- [Reverse Engineering the Win32k Type Isolation Mitigation](https://blog.quarkslab.com/reverse-engineering-the-win32k-type-isolation-mitigation.html)
- [A new exploit for zero-day vulnerability CVE-2018-8589](https://securelist.com/a-new-exploit-for-zero-day-vulnerability-cve-2018-8589/88845/)
- [Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005](https://www.microsoft.com/security/blog/2017/03/27/detecting-and-mitigating-elevation-of-privilege-exploit-for-cve-2017-0005/)
- [Exploring CVE-2015-1701 — A Win32k Elevation of Privilege Vulnerability Used in Targeted Attacks](https://blog.trendmicro.com/trendlabs-security-intelligence/exploring-cve-2015-1701-a-win32k-elevation-of-privilege-vulnerability-used-in-targeted-attacks/)
- [Exploiting the win32k!xxxEnableWndSBArrows use-after-free](https://www.nccgroup.trust/globalassets/our-research/uk/blog-post/2015-07-07_-_exploiting_cve_2015_0057.pdf)
- [New zero-day vulnerability CVE-2019-0859 in win32k.sys](https://securelist.com/new-win32k-zero-day-cve-2019-0859/90435/)
- [Windows zero-day CVE-2019-1132 exploited in targeted attacks](https://www.welivesecurity.com/2019/07/10/windows-zero-day-cve-2019-1132-exploit/)
- [Windows Kernel Local Denial-of-Service #1: win32k!NtUserThunkedMenuItemInfo](https://j00ru.vexillium.org/2017/02/windows-kernel-local-denial-of-service-1/)
- [Windows Kernel Local Denial-of-Service #2: win32k!NtDCompositionBeginFrame](https://j00ru.vexillium.org/2017/02/windows-kernel-local-denial-of-service-2/)
- [Windows Kernel Local Denial-of-Service #4: nt!NtAccessCheck and family](https://j00ru.vexillium.org/2017/04/windows-kernel-local-denial-of-service-4/)
- [Windows Kernel Local Denial-of-Service #5: win32k!NtGdiGetDIBitsInternal](https://j00ru.vexillium.org/2017/04/windows-kernel-local-denial-of-service-5/)
- [Windows win32k.sys menus and some "close, but no cigar" bugs](https://j00ru.vexillium.org/2013/09/windows-win32k-sys-menus-and-some-close-but-no-cigar-bugs/)

## Windows Kernel logic bugs

**Talks / video recordings**

- [Get Off the Kernel if You Can't Drive - DEF CON 27 Conference](https://www.youtube.com/watch?v=tzWq5iUiKKg)

**Articles / papers**

- [A vulnerable driver: lesson almost learned](https://securelist.com/elevation-of-privileges-in-namco-driver/83707/)
- [CVE-2020-12138 - Privilege Escalation in ATI Technologies Inc. Driver atillk64.sys](https://h0mbre.github.io/atillk64_exploit/)
- [CVE-2019-18845 - Viper RGB Driver Local Privilege Escalation](https://www.activecyber.us/activelabs/viper-rgb-driver-local-privilege-escalation-cve-2019-18845)
- [CVE-2020-8808 - CORSAIR iCUE Driver Local Privilege Escalation](https://www.activecyber.us/activelabs/corsair-icue-driver-local-privilege-escalation-cve-2020-8808)
- [Logic bugs in Razer rzpnk.sys](https://www.fuzzysecurity.com/tutorials/expDev/23.html)
- [Dell SupportAssist Driver - Local Privilege Escalation](http://dronesec.pw/blog/2018/05/17/dell-supportassist-local-privilege-escalation/)
- [MSI ntiolib.sys/winio.sys local privilege escalation](http://blog.rewolf.pl/blog/?p=1630)
- [CVE-2019-8372 - Local Privilege Elevation in LG Kernel Driver](http://www.jackson-t.ca/lg-driver-lpe.html)
- [Reading Physical Memory using Carbon Black's Endpoint driver](https://billdemirkapi.me/Reading-Physical-Memory-using-Carbon-Black/)
- [ASUS UEFI Update Driver Physical Memory Read/Write](https://codeinsecurity.wordpress.com/2016/06/12/asus-uefi-update-driver-physical-memory-readwrite/)
- [Privilege escalation vulnerabilities found in over 40 Windows Drivers](https://mspoweruser.com/privilege-escalation-vulnerabilities-found-in-over-40-windows-drivers/)
- [Black Hat - KERNEL MODE THREATS AND PRACTICAL DEFENSES](https://i.blackhat.com/us-18/Thu-August-9/us-18-Desimone-Kernel-Mode-Threats-and-Practical-Defenses.pdf)
- [Weaponizing vulnerable driver for privilege escalation — Gigabyte Edition!](https://medium.com/@fsx30/weaponizing-vulnerable-driver-for-privilege-escalation-gigabyte-edition-e73ee523598b)

## Windows kernel driver development

**Talks / video recordings**

- [Windows Kernel Programming - 14 part playlist](https://youtu.be/XUlbYRFFYf0)
- [Windows Driver Development - 19 part playlist](https://youtu.be/T5VtaP-wtkk)
- [Developing Kernel Drivers with Modern C++ - Pavel Yosifovich](https://www.youtube.com/watch?v=AsSMKL5vaXw)

**Articles / papers**

- [Driver Development Part 1: Introduction to Drivers](https://www.codeproject.com/Articles/9504/Driver-Development-Part-1-Introduction-to-Drivers)
- [Driver Development Part 2: Introduction to Implementing IOCTLs](https://www.codeproject.com/Articles/9575/Driver-Development-Part-2-Introduction-to-Implemen)
- [Driver Development Part 3: Introduction to driver contexts](https://www.codeproject.com/Articles/9636/Driver-Development-Part-3-Introduction-to-driver-c)
- [Driver Development Part 4: Introduction to device stacks](https://www.codeproject.com/Articles/9766/Driver-Development-Part-4-Introduction-to-device-s)
- [Creating IOCTL Requests in Drivers](https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/creating-ioctl-requests-in-drivers)
- [Windows Drivers Part 2: IOCTLs](https://cylus.org/windows-drivers-part-2-ioctls-c678526f90ae)

## Windows internals

**Talks / video recordings**

- [Alex Ionescu Insection: AWEsomely Exploiting Shared Memory Objects](https://vimeo.com/133292423)
- [Windows Internals](https://www.youtube.com/watch?v=vz15OqiYYXo)
- [Windows 10 Segment Heap Internals](https://www.youtube.com/watch?v=hetZx78SQ_A)
- [Windows Kernel Vulnerability Research and Exploitation - Gilad Bakas](https://www.youtube.com/watch?v=aRZ5Wi-NWXs)
- [NIC 5th Anniversary - Windows 10 internals](https://youtu.be/ffYiIUOUAUs)
- [Black Hat USA 2012 - Windows 8 Heap Internals](https://www.youtube.com/watch?v=XxlzK0CLFN0)

## 0days - APT advanced malware research

**Talks / video recordings**

- [W32.Duqu: The Precursor to the Next Stuxnet](https://www.youtube.com/watch?v=SbkXffokmPE)
- [Kernel Mode Threats and Practical Defenses](https://www.youtube.com/watch?v=BBJgKuXzfwc)
- [Selling 0-Days to Governments and Offensive Security Companies](https://www.youtube.com/watch?v=ZDHHGZlEfsQ)

**Articles / papers**

- [The zero-day exploits of Operation WizardOpium](https://securelist.com/the-zero-day-exploits-of-operation-wizardopium/97086/)
- [Zero-day exploit (CVE-2018-8453) used in targeted attacks](https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/)
- [EternalBlue – Everything There Is To Know](https://research.checkpoint.com/2017/eternalblue-everything-know/)
- [Digging Into a Windows Kernel Privilege Escalation Vulnerability: CVE-2016-7255](https://www.mcafee.com/blogs/other-blogs/mcafee-labs/digging-windows-kernel-privilege-escalation-vulnerability-cve-2016-7255/)

## Video game cheating (kernel mode stuff sometimes)

**Talks / video recordings**

- [Unveiling the Underground World of Anti-Cheats](https://www.youtube.com/watch?v=yJHyHU5UjTg)

**Articles / papers**

- [drvmap - driver manual mapper using capcom](https://www.unknowncheats.me/forum/anti-cheat-bypass/252685-drvmap-driver-manual-mapper-using-capcom.html)
- [All methods of retrieving unique identifiers (HWIDs) on your PC](https://www.unknowncheats.me/forum/anti-cheat-bypass/333662-methods-retrieving-unique-identifiers-hwids-pc.html)
- [Driver aka Kernel Mode cheating](https://www.unknowncheats.me/forum/anti-cheat-bypass/271733-driver-aka-kernel-mode.html)

## Hyper-V and VM / sandbox escape

**Talks / video recordings**

- [Vulnerability Exploitation In Docker Container Environments](https://www.youtube.com/watch?v=77-jaeUKH7c)
- [Modern Exploitation of the SVGA Device for Guest-to-Host Escapes](https://www.youtube.com/watch?v=Y-G2WJ2cBKE)
- [REcon 2014 - Breaking Out of VirtualBox through 3D Acceleration](https://www.youtube.com/watch?v=i29bAx6W1uI)
- [36C3 - The Great Escape of ESXi](https://www.youtube.com/watch?v=XHDwsvywX50)
- [BlueHat v18 || Straight outta VMware](https://www.youtube.com/watch?v=o36N5wi_ZFs)
- [Hardening hyper-v through offensive security research](https://www.youtube.com/watch?v=8RCH0vFxWT4)
- [A Dive in to Hyper-V Architecture & Vulnerabilities](https://www.youtube.com/watch?v=p28eTnKo8sw)
- [The HyperV Architecture and its Memory Manager](https://recon.cx/media-archive/2017/mtl/recon2017-mtl-10-andrea-allievi-The-HyperV-Architecture-and-its-Memory-Manager.mp4)
- [Ring 0 to Ring -1 Exploitation with Hyper-V IPC](https://www.youtube.com/watch?v=_NaRZvrs8xY)
- [Exploiting the Hyper-V IDE Emulator to Escape the Virtual Machine](https://www.youtube.com/watch?v=50xxJEODO3M)
- [A Dive in to Hyper-V Architecture & Vulnerabilities](https://www.youtube.com/watch?v=2bK_rC81_Eo)

**Articles / papers**

- [Ventures into Hyper-V - Fuzzing hypercalls](https://labs.f-secure.com/blog/ventures-into-hyper-v-part-1-fuzzing-hypercalls)
- [Fuzzing para-virtualized devices in Hyper-V](https://msrc-blog.microsoft.com/2019/01/28/fuzzing-para-virtualized-devices-in-hyper-v/)
- [First Steps in Hyper-V Research](https://msrc-blog.microsoft.com/2018/12/10/first-steps-in-hyper-v-research/)
- [Windows Sandbox Attack Surface Analysis](https://googleprojectzero.blogspot.com/2015/11/windows-sandbox-attack-surface-analysis.html)

## Fuzzing

**Talks / video recordings**

- [Windows Kernel Vulnerability Research and Exploitation](https://www.youtube.com/watch?v=aRZ5Wi-NWXs)
- [Bugs on the Windshield: Fuzzing the Windows Kernel](https://www.youtube.com/watch?v=-BkjkimINC8)
- [Windows Kernel Fuzzing for Intermediate Learners](https://www.youtube.com/watch?v=wnNyPcerjJo)
- [Windows Kernel Fuzzing For Beginners - Ben Nagy](https://www.youtube.com/watch?v=FY-33TUKlqY)
- [Disobey 2018 - Building Windows Kernel fuzzer](https://www.youtube.com/watch?v=mpXQvto4Vy4)
- [For The Win: The Art Of The Windows Kernel Fuzzing](https://www.youtube.com/watch?v=9FPuKfwucsw)
- [RECON 2019 - Vectorized Emulation Putting it all together](https://www.youtube.com/watch?v=x4LPhwbTs9E)

**Articles / papers**

- [A year of Windows kernel font fuzzing #1: the results](https://googleprojectzero.blogspot.com/2016/06/a-year-of-windows-kernel-font-fuzzing-1_27.html)
- [A year of Windows kernel font fuzzing #2: the techniques](https://googleprojectzero.blogspot.com/2016/07/a-year-of-windows-kernel-font-fuzzing-2.html)

## Windows browser exploitation

**Talks / video recordings**

- [Digging for IE11 Sandbox Escapes Part 1](https://www.youtube.com/watch?v=q9dnYno_Moc)

#### **APT_CyberCriminal_Campagin_Collections**
[![APT_CyberCriminal_Campagin_Collections](http://img1.joyreactor.cc/pics/post/%D0%B3%D0%B8%D1%84%D0%BA%D0%B8-%D0%B1%D0%BE%D0%BB%D1%8C%D1%88%D0%B0%D1%8F-%D0%B3%D0%B8%D1%84%D0%BA%D0%B0-%D0%B0%D0%B2%D1%82%D0%BE%D0%BC%D0%B0%D1%82-%D0%BA%D0%B0%D0%BB%D0%B0%D1%88%D0%BD%D0%B8%D0%BA%D0%BE%D0%B2-4802419.gif)](https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections)

### /metasploit-unleashed/
[![metasploit-unleashed](https://www.offensive-security.com/wp-content/uploads/2015/03/msfu-logo1-768x240.png)](https://www.offensive-security.com/metasploit-unleashed/)

![hot](ERmnJklXsAIQUZG.jfif)

![hot](EN.jpg)

![hot](Screenshot_1.png)

# Exploit Cheat Sheet
![hot](Useful_tips.jpg)

[/EXPLOIT/MAP](https://threathunterplaybook.com/notebooks/windows/windows.html) MITRE ATT&CK Navigator

[windows-kernel-exploits](https://github.com/SecWiki/windows-kernel-exploits) ms16-135 etc.

## [privilege-escalation](https://github.com/m0nad/awesome-privilege-escalation)

### [ByPassUAC](https://bytecode77.com/hacking/exploits) etc.

https://github.com/antonioCoco/RogueWinRM

[checker](https://github.com/mishmashclone/carlospolop-privilege-escalation-awesome-scripts-suite/blob/master/winPEAS/winPEASbat/winPEAS.bat), something like Sherlock

[UAC-me](https://github.com/hfiref0x/UACME) 59 techniques

[UAC_Bypass_In_The_Wild](https://github.com/Ridter/UAC_Bypass_In_The_Wild) 20 methods

[PivotSuite](https://github.com/RedTeamOperations/PivotSuite.git) PivotSuite is a portable, platform-independent and powerful network pivoting toolkit that helps Red Teamers / Penetration Testers use a compromised system to move around inside the network. It is a standalone utility that can be used either as a server or as a client.

##### [CyberThreatIntel](https://github.com/StrangerealIntel/CyberThreatIntel)
Analysis of malware and Cyber Threat Intel of APT and cybercriminal groups

# `awesome-windows-kernel-security-development`

## powershell

- https://github.com/rootclay/Powershell-Attack-Guide

## pe file format

- https://github.com/corkami/pics

## asm ide

- https://github.com/ThomasJaeger/VisualMASM
- https://github.com/Dman95/SASM
- https://github.com/mrfearless/UASM-with-RadASM

## meltdown/spectre poc

- https://github.com/turbo/KPTI-PoC-Collection
- https://github.com/gkaindl/meltdown-poc
- https://github.com/feruxmax/meltdown
- https://github.com/Eugnis/spectre-attack

## lightweight c++ gui library

- https://github.com/Xoliper/ANGE
- https://github.com/iUIShop/LibUIDK (mfc skin ui)
- https://github.com/zlgopen/awtk
- https://github.com/idea4good/GuiLite
- https://github.com/golang-ui/nuklear
- https://github.com/Dovyski/cvui
- https://github.com/andlabs/libui
- https://github.com/hasaranga/RFC-Framework
- https://github.com/dustpg/LongUI
- https://github.com/bognikol/Eleusis

## direct ui

- http://www.skinui.cn/
- https://www.showdoc.cc/skinui?page_id=135303
- http://help.5yyz.com/665984
- https://github.com/SOUI2/soui
- https://github.com/netease-im/NIM_Duilib_Framework
- https://github.com/gclxry/EasyDuilib
- https://github.com/v-star0719/MFC_LogicalWnd
- https://github.com/duzhi5368/FKDuiLibEditor
- https://github.com/wanttobeno/bkuilib
- https://github.com/wanttobeno/XSkin1.0
- https://github.com/idea4good/GuiLite
- https://github.com/redrains/DuiLib_Redrain
- https://github.com/wanttobeno/UIDesigner
- https://github.com/zhongyang219/TrafficMonitor
- https://github.com/wanttobeno/Duilib_Extension
- https://github.com/zhongyang219/MusicPlayer2
- https://github.com/nmgwddj/duilib_tutorial
- https://github.com/redrains/DuiLib_Redrain
- https://github.com/nmgwddj/InstallAssist
- https://github.com/netease-im/NIM_PC_UIKit
- https://github.com/nmgwddj/Optimizer
- https://github.com/nmgwddj/BarPCMaster (netbar)

## chrome

- https://github.com/shuax/GreenChrome

## chrome Extension

- https://github.com/Tuhinshubhra/ExtAnalysis

## cef

- https://github.com/fanfeilong/cefutil
- https://github.com/acristoffers/CEF3SimpleSample
- https://github.com/sanwer/Browser

## WebBrowser

- https://github.com/zhichao281/duilib-MiniBlinkBrowser
- https://github.com/litehtml/litebrowser
- https://github.com/venam/Browser (lib)
- https://github.com/wanttobeno/Study_IWebBrowser2

## d3d

- https://github.com/QianMo/Direct3D-Win32-Book-Src-Code
- https://github.com/MKXJun/DirectX11-With-Windows-SDK
- https://github.com/ThirteenAG/d3d9-wrapper

## opencv

- https://github.com/JimmyHHua/opencv_tutorials

## lua

- https://github.com/vinniefalco/LuaBridge

## c++ 11/14/17/20

- https://github.com/akkaze/ThreadPool
- https://github.com/xiaoweiChen/CPP-Concurrency-In-Action-2ed-2019
- https://github.com/xiaoweiChen/CPP-17-STL-cookbook
- https://github.com/changkun/modern-cpp-tutorial

## cmake

- https://github.com/xiaoweiChen/CMake-Cookbook

## DesignPattern

- https://design-patterns.readthedocs.io/zh_CN/latest/index.html
- https://github.com/Waleon/DesignPatterns
- https://github.com/GoodmanTao/DesignPatternInC

## c++ & js

- https://github.com/xhawk18/promise-cpp
- https://github.com/panopticoncentral/jsrt-wrappers
- https://github.com/wargio/WSH-Framework
- https://github.com/ExpLife0011/WebBrowser
- https://github.com/wanttobeno/Study_mujs

## gdi/gdi+

- http://www.mctrl.org/ (win32 control lib)
- https://github.com/wanttobeno/AlphaEditor
- https://github.com/wanttobeno/FastZoomDemo (zoom)
- https://github.com/wanttobeno/GdiPlusTextEffect
- https://github.com/wanttobeno/GdiPlusString
- https://github.com/wanttobeno/WindowFinder
- https://github.com/wanttobeno/ymagine
- https://github.com/wanttobeno/levels-adjustment
- https://github.com/wanttobeno/ElipsePic
- https://github.com/wanttobeno/windows-effect
- https://github.com/wanttobeno/Study_easing_animation
- https://github.com/wanttobeno/Study_FindPicAlgorithm (find picture algorithm)
- https://github.com/wanttobeno/Window_GlassIntro_demo

## computer vision & machine learning

- https://github.com/wanttobeno/sod

## compress

- https://github.com/wanttobeno/snappy

## Dongle

- https://github.com/wanttobeno/Dongle

## spy++

- https://github.com/wjx0912/MySpy

## Shell Extension for Windows Explorer

- https://github.com/derceg/explorerplusplus
- https://github.com/XhmikosR/perfmonbar (perfmonbar)
- https://github.com/abhimanyusirohi/ThumbFish (nice demo)
- https://github.com/matssigge/JASE
- https://github.com/Oeffner/MtzExtInfoTip
- https://github.com/danielgrigg/ContextMenuDemo
- https://github.com/monolithpl/stexbar
- https://github.com/CaSchmidt/csMenu
- https://github.com/blndev/ExplorerUtilitys
- https://github.com/pke/Windows-Explorer-OSGi-Shell-Extensions
- https://github.com/Anton-V-K/MultiThumbExtension
-
https://github.com/0ffffffffh/ffmpegShellExtension 531 | - https://github.com/Ralph-Lee/WinShellExt 532 | - https://github.com/slivermeteor/LockKeys 533 | - https://github.com/alexandermenze/ShellExtensionInfoTip 534 | - https://github.com/jbrandwood/EditWith 535 | - https://github.com/calzakk/CyoHash 536 | - https://github.com/asa75asa/ImageResizer 537 | - https://github.com/tillig/JunctionShellExtensions 538 | - https://github.com/keybase/KBShellExt 539 | - https://github.com/T800G/StatusBar7 540 | - https://github.com/vladm3/ShellExtension 541 | - https://github.com/sop/cygextreg 542 | - https://github.com/AndreasVerhoeven/HTMLPreviewShellExtension 543 | - https://github.com/alvinhochun/KritaShellExtension 544 | - https://github.com/AUTOMATIC1111/3ds-shell 545 | - https://github.com/google/google-drive-shell-extension 546 | - https://github.com/TortoiseGit/TortoiseGit 547 | - https://github.com/sanje2v/MantaPropertyExtension 548 | - https://github.com/phwitti/cmdhere 549 | 550 | ## windows system programming 551 | 552 | - https://github.com/hynninen/win-pbkdf2 553 | - https://github.com/K0rz3n/PatchesTester (check system patch info) 554 | - https://github.com/nccgroup/WindowsJobLock (Windows Process Lockdown Tool using Job Objects) 555 | - https://github.com/long123king/TokenInsight 556 | - https://github.com/btbd/access (Access without a real handle) 557 | - https://github.com/CoatiSoftware/Sourcetrail (Source code explorer) 558 | - https://github.com/DoubleLabyrinth/WindowsSudo 559 | - https://github.com/AzureGreen/NetView 560 | - https://github.com/MFCer/AutoUpdate 561 | - https://github.com/ufrisk/LeechCore (Physical Memory Acquisition Library) 562 | - https://github.com/marcosd4h/sysmonx 563 | - https://github.com/Dankirk/RegSLScan 564 | - https://github.com/nogginware/mstscdump 565 | - https://github.com/zodiacon/ApiSetView 566 | - https://github.com/DOGSHITD/SciDetectorApp (SCI) 567 | - https://github.com/DOGSHITD/AcpiTool (ACPI) 568 | - 
https://github.com/VertexToEdge/WindowFunctionTracer 569 | - https://github.com/sganis/golddrive 570 | - https://github.com/yanncam/exe2powershell 571 | - https://github.com/owodelta/coilgun (Direct API Calling) 572 | - https://github.com/NYAN-x-CAT/Disable-Windows-Defender 573 | - https://github.com/d35ha/CallObfuscator 574 | - https://github.com/zodiacon/RegEditX 575 | - https://github.com/ZhanLang/jcfs (everything) 576 | - https://github.com/ZhanLang/msdk (sdk) 577 | - https://github.com/MiroKaku/ConMon 578 | - https://github.com/SinaKarvandi/Process-Magics 579 | - https://github.com/LoukaMB/ExceptionSupervisor 580 | - https://github.com/zmrbak/PcWeChatHooK 581 | - https://github.com/not-matthias/Nemesis (process dumper) 582 | - https://github.com/QAX-A-Team/EventCleaner 583 | - https://github.com/BlackINT3/none (common lib) 584 | - https://github.com/77Sera/BrowserSecurity 585 | - https://github.com/amitwaisel/Malproxy (Proxy system calls over an RPC channel) 586 | - https://github.com/jnastarot/soul_eater (it can extract functions from .dll, .exe, .sys) 587 | - https://github.com/mtth-bfft/lsobj 588 | - https://github.com/mtth-bfft/ntsec 589 | - https://github.com/fritzone/obfy 590 | - https://github.com/microsoft/NetworkDirect 591 | - https://github.com/jay/gethooks 592 | - https://github.com/laxodev/RAII-WINAPI-Memory-Manager 593 | - https://github.com/hfiref0x/WDExtract 594 | - https://github.com/binbibi/libedge 595 | - https://github.com/bb107/WinSudo 596 | - https://github.com/can1357/WinFaults 597 | - https://github.com/Silica/sandbox 598 | - https://github.com/horsicq/Nauz-File-Detector 599 | - https://github.com/horsicq/xntsv (nt struct) 600 | - https://github.com/jnastarot/shibari (pe+) 601 | - https://github.com/NoMoreFood/WinPriv 602 | - https://github.com/yejiansnake/windows-sys-base 603 | - https://github.com/lifenjoiner/pacdbger 604 | - https://github.com/lifenjoiner/sendto-plus 605 | - https://github.com/billziss-gh/winspd 606 | - 
https://github.com/ffiirree/Capturer 607 | - https://github.com/Claybird/lhaforge 608 | - https://github.com/jjzhang166/nargnos-WindowsUtil 609 | - https://github.com/cool2528/baiduCDP 610 | - https://github.com/anhkgg/SuperWeChatPC 611 | - https://github.com/Alex3434/GetHDDSerial 612 | - https://github.com/TonyChen56/HackerTools 613 | - https://github.com/libyal/liblnk 614 | - https://github.com/NtRaiseHardError/Kaiser 615 | - https://github.com/mengskysama/V8 (chrome v8 engine) 616 | - https://github.com/locustwei/WorkBack 617 | - https://github.com/360-A-Team/EventCleaner 618 | - https://github.com/Microsoft/Windows-classic-samples 619 | - https://github.com/troldal/OpenXLSX (.xlsx format) 620 | - https://github.com/mity/windrawlib (GDI+ Helper) 621 | - https://github.com/henrypp/errorlookup 622 | - https://github.com/longmode/authzsec-mod-um (AppContainer and ACL) 623 | - https://github.com/henrypp/memreduct 624 | - https://github.com/thomaslaurenson/LiveDiff (live diff) 625 | - https://github.com/thomaslaurenson/CellXML-offreg (hive file parse) 626 | - https://github.com/zhaolong/libparser (static lib parse) 627 | - https://github.com/WildByDesign/Privexec 628 | - https://github.com/KangLin/RabbitIm 629 | - https://github.com/kingsunc/MiniDump 630 | - https://github.com/amdf/reparselib 631 | - https://github.com/Zero3K/connectfusion (download manager) 632 | - https://github.com/Zero3K/ERAM (RAM Disk) 633 | - https://github.com/bailey27/cppcryptfs ( gocryptfs encrypted overlay filesystem) 634 | - https://github.com/etsubu/MacroRecorder (recording keyboard and mouse macros) 635 | - https://github.com/wyrover/CodeLib 636 | - https://github.com/Rprop/CppDLL (dll to .h and lib) 637 | - https://github.com/seledka/syslib 638 | - https://github.com/leecher1337/regremap 639 | - https://github.com/webees/ADkiller 640 | - https://github.com/skysilent/coroutine_study (fiber) 641 | - https://github.com/ruusty/NAntMenu 642 | - https://github.com/chrdavis/PIFShellExtensions 
643 | - https://github.com/codepongo/zshellext 644 | - https://github.com/lz77win/lz77win_sources 645 | - https://github.com/Microsoft/perfview 646 | - https://github.com/GameTechDev/PresentMon 647 | - https://github.com/hfiref0x/BSODScreen 648 | - https://github.com/CasualX/LibEx 649 | - https://github.com/syhyz1990/baiduyun 650 | - https://github.com/WalkingCat/SymDiff 651 | - https://github.com/libyal/libevtx 652 | - https://github.com/wanttobeno/Screenshot 653 | - https://github.com/scarsty/tinypot 654 | - https://github.com/jonasblunck/DynHook 655 | - https://github.com/y11en/PEBFake (PEB fake) 656 | - https://github.com/wanttobeno/mousehook (setwindowhook) 657 | - https://github.com/wanttobeno/DXF-Viewer 658 | - https://github.com/wanttobeno/XmlConfigDemo 659 | - https://github.com/wanttobeno/GeneralHashFunctions 660 | - https://github.com/wanttobeno/Chrome-base-cpu 661 | - https://github.com/wanttobeno/stl_util 662 | - https://github.com/wanttobeno/LinkHelper 663 | - https://github.com/wanttobeno/Ring3GetProcessInfo 664 | - https://github.com/zsummer/breeze 665 | - https://github.com/wanttobeno/SoftWareManager 666 | - https://github.com/wanttobeno/GetMacAddress 667 | - https://github.com/wanttobeno/HtmlViewer 668 | - https://github.com/wanttobeno/AltServer 669 | - https://github.com/wanttobeno/GetPeInfo 670 | - https://github.com/wanttobeno/notepad 671 | - https://github.com/wanttobeno/PELearningMaterials 672 | - https://github.com/wanttobeno/Detours_4.0.1 673 | - https://github.com/wanttobeno/skinsb 674 | - https://github.com/wanttobeno/DLib-Attacher 675 | - https://github.com/wanttobeno/VmpHandle 676 | - https://github.com/wanttobeno/ScopeGuard (resource safe delete) 677 | - https://github.com/wanttobeno/HashMapDemo 678 | - https://github.com/wanttobeno/nanob (protobuf) 679 | - https://github.com/wanttobeno/baidu-sofa-pbrpc-win (protobuf) 680 | - https://github.com/xlet/UpdateClient 681 | - https://github.com/wanttobeno/AesFileProtection 682 | - 
https://github.com/wanttobeno/IeProxy 683 | - https://github.com/wanttobeno/MyProtocol 684 | - https://github.com/wanttobeno/Window_KeyAndMouseHook 685 | - https://github.com/wanttobeno/doublebufferedqueue (double buffered queue) 686 | - https://github.com/DoubleLabyrinth/010Editor-keygen (keygen) 687 | - https://github.com/wanttobeno/Cpp11ThreadPool 688 | - https://github.com/wanttobeno/Study_shellcode (shellcode) 689 | - https://github.com/wanttobeno/Study_algorithm (data struct) 690 | - https://github.com/wanttobeno/ThreadPool 691 | - https://github.com/wanttobeno/Study_threadpool (thread pool) 692 | - https://github.com/wanttobeno/Study_Websocket (websocket) 693 | - https://github.com/Amanieu/asyncplusplus 694 | - https://github.com/wanttobeno/Study_Socket 695 | - https://github.com/wanttobeno/DllProtect 696 | - https://github.com/allenyllee/The-CPUID-Explorer 697 | - https://github.com/wanttobeno/SunDaySearchSignCode 698 | - https://github.com/wanttobeno/x64_AOB_Search (fast search memory algorithm) 699 | - https://github.com/wanttobeno/iQIYI_Web_Video_Upload (http simulate upload) 700 | - https://github.com/wanttobeno/Study_XiaoMi_Login (https simulate login) 701 | - https://github.com/fawdlstty/NetToolbox 702 | - https://github.com/hzqst/FuckCertVerifyTimeValidity 703 | - https://github.com/717021/PCMgr (task manager) 704 | - https://github.com/silverf0x/RpcView (rpc) 705 | - https://github.com/ez8-co/unlocker () 706 | - https://github.com/nkga/self-updater (framework for secure self-update) 707 | - https://github.com/liamkirton/sslcat (nc with ssl) 708 | - https://github.com/Seineruo/RSA-Tool 709 | - https://github.com/PBfordev/wxAutoExcel 710 | - https://github.com/ax330d/Symex 711 | - https://github.com/Biswa96/PDBDownloader 712 | - https://github.com/Biswa96/TraceEvent 713 | - https://github.com/hfiref0x/Misc 714 | - https://github.com/SergioCalderonR/DelSvc 715 | - https://github.com/wyrover/win-privileges-examples (DACL) 716 | - 
https://github.com/nccgroup/WindowsDACLEnumProject (DACL) 717 | - https://github.com/xqymain/ServerLocker 718 | - https://github.com/wanttobeno/SunDaySearchSignCode (fast search memory) 719 | - https://github.com/zhongyang219/SimpleNotePad 720 | - https://github.com/zhongyang219/TrafficMonitor 721 | - https://github.com/codereba/data_scrambler (scrambler) 722 | - https://github.com/3gstudent/Catch-specified-file-s-handle (enum file handle) 723 | - https://github.com/intel/safestringlib 724 | - https://github.com/eyusoft/asutlity 725 | - https://github.com/ThomasThelen/BrowserLib 726 | - https://github.com/OSRDrivers/dirchange 727 | - https://github.com/OSRDrivers/deleteex (FileDispositionInfoEx) 728 | - https://github.com/notscimmy/YASS (sig scanner) 729 | - https://github.com/942860759/BrowserHistory 730 | - https://github.com/NoMoreFood/putty-cac 731 | - https://github.com/NoMoreFood/Repacls 732 | - https://github.com/NoMoreFood/WinPriv 733 | - https://github.com/NoMoreFood/Crypture 734 | - https://github.com/Microsoft/winfile 735 | - https://github.com/mullvad/windows-libraries 736 | - https://github.com/wjcsharp/wintools 737 | - https://github.com/nmgwddj/logs-monitor 738 | - https://github.com/nmgwddj/TaskbarTool 739 | - https://github.com/nmgwddj/DevCon 740 | - https://github.com/nmgwddj/SystemProcessInfo 741 | - https://github.com/nmgwddj/ServiceMgr 742 | 743 | ## etw 744 | 745 | - https://github.com/pierricgimmig/orbitprofiler 746 | 747 | ## wsl/unix 748 | 749 | - https://github.com/Mermeze/wslam (wsl anti malware) 750 | - https://github.com/Biswa96/WSLInstall 751 | - https://github.com/Biswa96/WslReverse 752 | - https://github.com/Biswa96/XConPty 753 | - https://github.com/mintty/wsltty.appx 754 | 755 | ## device tree 756 | 757 | - https://github.com/MartinDrab/VrtuleTree 758 | 759 | ## irp monitor 760 | 761 | - https://github.com/MartinDrab/IRPMon 762 | 763 | ## nt crucial modules 764 | 765 | - https://github.com/MeeSong/Nt-Crucial-Modules 766 | 767 | ## 
windows kernel driver 768 | 769 | - https://github.com/zhuhuibeishadiao/JunkDriveOpenSource 770 | - https://github.com/dearfuture/DriverTutorial 771 | - https://github.com/G4rb3n/Windows-Driver 772 | - https://github.com/btbd/wpp (Intercepting DeviceControl via WPP) 773 | - https://github.com/maharmstone/smbfs (SMB filesystem driver for Windows) 774 | - https://github.com/maharmstone/btrfs (Windows driver for the next-generation Linux filesystem Btrfs) 775 | - https://github.com/zodiacon/windowskernelprogrammingbook (sample) 776 | - https://github.com/0xcpu/ExecutiveCallbackObjects 777 | - https://github.com/alxbrn/r6s-external-nuklear-socket 778 | - https://github.com/vmcall/dxgkrnl_hook 779 | - https://github.com/alxbrn/kdmapper-1803-1903 780 | - https://github.com/juniorjacob/readwrite-kernel-stable 781 | - https://github.com/mstefanowich/IsFileSigned 782 | - https://github.com/apriorit/antirootkit-anti-splicer 783 | - https://github.com/Mouka-Yang/KernelDriverDemo 784 | - https://github.com/tomLadder/WinLib 785 | - https://github.com/coltonon/MoaRpm 786 | - https://github.com/wanttobeno/ProcessManager_Ring0 787 | - https://github.com/wanttobeno/Win_Driver_Mouse_And_Key 788 | - https://github.com/wanttobeno/Win64DriverStudy_Src 789 | - https://github.com/tdevuser/MalwFinder 790 | - https://github.com/Sqdwr/WriteFile_IRP 791 | - https://github.com/nmgwddj/learn-windows-drivers 792 | - https://github.com/mq1n/EasyRing0 793 | 794 | ## windows kernel driver with c++ runtime 795 | 796 | - https://github.com/avakar/vcrtl 797 | - https://github.com/ZhanLang/msddk 798 | - https://github.com/DragonQuestHero/Kernel-Force-Delete (force delete file) 799 | - https://github.com/MeeSong/WDKExt 800 | - https://github.com/HoShiMin/Kernel-Bridge (power) 801 | - https://github.com/wjcsharp/Common 802 | - https://github.com/ExpLife/DriverSTL 803 | - https://github.com/sysprogs/BazisLib 804 | - https://github.com/AmrThabet/winSRDF 805 | - https://github.com/sidyhe/dxx 806 | - 
https://github.com/zer0mem/libc 807 | - https://github.com/eladraz/XDK 808 | - https://github.com/vic4key/Cat-Driver 809 | - https://github.com/AndrewGaspar/km-stl 810 | - https://github.com/zer0mem/KernelProject 811 | - https://github.com/zer0mem/miniCommon 812 | - https://github.com/jackqk/mystudy 813 | - https://github.com/yogendersolanki91/Kernel-Driver-Example 814 | 815 | ## blackbone 816 | 817 | - https://github.com/AbinMM/MemDllLoader_Blackbone 818 | - https://github.com/hzqst/unicorn_pe 819 | - https://github.com/nofvcks/AimKit-Pasted-Driver 820 | - https://github.com/alexpsp00/x-elite-loader 821 | - https://github.com/DarthTon/Xenos 822 | - https://github.com/DarthTon/Blackbone 823 | 824 | ## hidinput 825 | 826 | - https://github.com/changeofpace/MouHidInputHook 827 | - https://github.com/hawku/TabletDriver 828 | - https://github.com/ViGEm/HidGuardian 829 | - https://github.com/ecologylab/EcoTUIODriver 830 | - https://github.com/djpnewton/vmulti 831 | - https://github.com/duzhi5368/FKHIDKeyboardSimTest (support usb) 832 | - https://github.com/Jehoash/WinIO3.0 833 | 834 | ## dkom 835 | 836 | - https://github.com/waryas/EUPMAccess 837 | - https://github.com/notscimmy/pplib 838 | - https://blog.csdn.net/zhuhuibeishadiao/article/details/51136650 (get process full path name) 839 | - https://bbs.pediy.com/thread-96427.htm (modify process image name) 840 | - https://github.com/ZhuHuiBeiShaDiao/PathModification 841 | - https://github.com/ZhuHuiBeiShaDiao/NewHideDriverEx 842 | - https://github.com/Sqdwr/HideDriver 843 | - https://github.com/nbqofficial/HideDriver 844 | - https://github.com/landhb/HideProcess 845 | - https://github.com/tfairane/DKOM 846 | 847 | ## ssdt hook 848 | 849 | - https://github.com/Sqdwr/64-bits-inserthook 850 | - https://github.com/int0/ProcessIsolator 851 | - https://github.com/mrexodia/TitanHide (x64dbg Plugin)-(DragonQuestHero Suggest) 852 | - https://github.com/papadp/shd 853 | - https://github.com/bronzeMe/SSDT_Hook_x64 854 | - 
https://github.com/s18leoare/Hackshield-Driver-Bypass 855 | - https://github.com/sincoder/hidedir 856 | - https://github.com/wyrover/HKkernelDbg 857 | - https://github.com/CherryZY/Process_Protect_Module 858 | - https://github.com/weixu8/RegistryMonitor 859 | - https://github.com/nmgwddj/Learn-Windows-Drivers 860 | 861 | ## eat/iat/object/irp/iat hook 862 | 863 | - https://github.com/Rat431/ColdKernel_KUSER 864 | - https://github.com/hasherezade/IAT_patcher 865 | - https://github.com/Cyrex1337/hook.lib 866 | - https://github.com/hMihaiDavid/hooks 867 | - https://github.com/Scorbutics/IATHook 868 | - https://github.com/amazadota/AFD-HOOK- 869 | - https://github.com/wyyqyl/HookIAT 870 | - https://github.com/smore007/remote-iat-hook 871 | - https://github.com/m0n0ph1/IAT-Hooking-Revisited 872 | - https://github.com/xiaomagexiao/GameDll 873 | - https://github.com/HollyDi/Ring0Hook 874 | - https://github.com/mgeeky/prc_xchk 875 | - https://github.com/tinysec/iathook 876 | 877 | ## InfinityHook 878 | 879 | - https://yanjuan.xyz/2019/08/syscallhook/ 880 | - https://github.com/huoji120/huoji_debuger 881 | - https://github.com/everdox/InfinityHook 882 | 883 | ## inline hook 884 | 885 | - https://github.com/adrianyy/kernelhook 886 | - https://github.com/gfreivasc/VMTHook 887 | - https://github.com/zhipeng515/MemberFunctionHook (member function hook) 888 | - https://github.com/windy32/win32-console-hook-lib 889 | - https://github.com/M0rtale/Universal-WndProc-Hook 890 | - https://github.com/a7031x/HookApi 891 | - https://github.com/blaquee/APCHook 892 | - https://github.com/simonberson/ChromeURLSniffer 893 | - https://github.com/codereversing/sehveh_hook 894 | - https://github.com/Matviy/LeagueReplayHook 895 | - https://github.com/jonasblunck/DP 896 | - https://github.com/XBased/xhook 897 | - https://github.com/rokups/hooker 898 | - https://github.com/Ayuto/DynamicHooks 899 | - https://github.com/sincoder/wow64hook 900 | - https://github.com/strobejb/sslhook 901 | - 
https://github.com/petrgeorgievsky/gtaRenderHook 902 | - https://github.com/WopsS/RenHook 903 | - https://github.com/chinatiny/InlineHookLib (R3 & R0) 904 | - https://github.com/tongzeyu/HookSysenter 905 | - https://github.com/idkwim/frookSINATRA (x64 sysenter hook) 906 | - https://github.com/VideoCardGuy/HideProcessInTaskmgr 907 | - https://github.com/MalwareTech/FstHook 908 | - https://github.com/Menooker/FishHook 909 | - https://github.com/G-E-N-E-S-I-S/latebros 910 | - https://bbs.pediy.com/thread-214582.htm 911 | 912 | ## hook engine 913 | 914 | - https://github.com/btbd/smap 915 | - https://github.com/gdabah/distormx 916 | - https://github.com/danielkrupinski/vac-hooks 917 | - https://github.com/vol4ok/libsplice (r3 & r0) 918 | - https://github.com/HoShiMin/HookLib (r3 & r0) 919 | - https://github.com/Rebzzel/kiero (d3d hook) 920 | - https://github.com/aschrein/apiparse 921 | - https://github.com/zyantific/zyan-hook-engine 922 | - https://github.com/jonasblunck/DP (com hook) 923 | - https://github.com/jonasblunck/DynHook 924 | - https://github.com/wanttobeno/ADE32_InlineHook 925 | - https://github.com/coltonon/RegHookEx (mid function) 926 | - https://github.com/Synestraa/ArchUltimate.HookLib 927 | - https://github.com/DominicTobias/detourxs 928 | - https://github.com/Ilyatk/HookEngine 929 | - https://github.com/zyantific/zyan-hook-engine 930 | - https://github.com/martona/mhook 931 | - https://github.com/EasyHook/EasyHook 932 | - https://github.com/RelicOfTesla/Detours 933 | - https://github.com/stevemk14ebr/PolyHook 934 | - https://github.com/TsudaKageyu/minhook 935 | - https://github.com/Microsoft/Detours 936 | - https://github.com/Microwave89/ntapihook 937 | 938 | ## anti hook 939 | 940 | - https://github.com/outflanknl/Dumpert 941 | - https://github.com/nickcano/ReloadLibrary 942 | 943 | ## inject technique (ring0) 944 | 945 | - https://github.com/btbd/modmap 946 | - https://github.com/Mecanik/MecanikProcessBreaker 947 | - 
https://github.com/mactec0/Kernelmode-manual-mapping-through-IAT 948 | - https://github.com/adrianyy/KeInject 949 | - https://github.com/Sqdwr/LoadImageInject 950 | - https://github.com/haidragon/NewInjectDrv 951 | - https://github.com/alex9191/Kernel-dll-injector (DllInjectFromKernel) 952 | - https://github.com/wbenny/keinject (ApcInjectFromKernel) 953 | 954 | ## inject technique (ring3) 955 | 956 | - https://github.com/antonioCoco/Mapping-Injection (MapViewOfFile2) 957 | - https://github.com/theevilbit/injection 958 | - https://github.com/SafeBreach-Labs/pinjectra 959 | - https://github.com/odzhan/injection 960 | - https://github.com/M-r-J-o-h-n/SWH-Injector 961 | - https://github.com/nccgroup/ncloader (A session-0 capable dll injection utility) 962 | - https://github.com/vmcall/eye_mapper (BattlEye x64 usermode injector) 963 | - https://github.com/Shaxzy/VibranceInjector 964 | - https://github.com/xiaobo93/UnModule_shellcode_Inject 965 | - https://github.com/Cybellum/DoubleAgent 966 | - https://github.com/realoriginal/reflective-rewrite (InjectFromMemory) 967 | - https://github.com/blaquee/APCHook (apc inject) 968 | - https://github.com/secrary/InjectProc 969 | - https://github.com/ez8-co/yapi (Yet Another Process Injector) 970 | - https://github.com/UserExistsError/InjectDll (InjectFromMemory) 971 | - https://github.com/notscimmy/libinject 972 | - https://github.com/BorjaMerino/tlsInjector (tls) 973 | - https://github.com/BorjaMerino/Pazuzu (InjectFromMemory) 974 | - https://github.com/strobejb/injdll 975 | - https://github.com/strivexjun/DriverInjectDll (MapInjectDll) 976 | - https://github.com/sud0loo/ProcessInjection 977 | - https://github.com/apriorit/SvcHostDemo 978 | - https://github.com/can1357/ThePerfectInjector 979 | - https://github.com/VideoCardGuy/X64Injector 980 | - https://github.com/papadp/reflective-injection-detection (InjectFromMemory) 981 | - https://github.com/psmitty7373/eif (InjectFromMemory) 982 | - https://github.com/rokups/ReflectiveLdr 
(InjectFromMemory) 983 | - https://github.com/BenjaminSoelberg/ReflectivePELoader (InjectFromMemory) 984 | - https://github.com/NtRaiseHardError/Phage (InjectFromMemory) 985 | - https://github.com/dismantl/ImprovedReflectiveDLLInjection (InjectFromMemory) 986 | - https://github.com/CylanceVulnResearch/ReflectiveDLLRefresher (InjectFromMemory) 987 | - https://github.com/amishsecurity/paythepony (InjectFromMemory) 988 | - https://github.com/deroko/activationcontexthook 989 | - https://github.com/ez8-co/yapi (Cross x86 & x64 injection) 990 | - https://github.com/georgenicolaou/HeavenInjector 991 | - https://github.com/tinysec/runwithdll 992 | - https://github.com/NtOpcode/NT-APC-Injector 993 | - https://github.com/caidongyun/WinCodeInjection 994 | - https://github.com/countercept/doublepulsar-usermode-injector 995 | - https://github.com/mq1n/DLLThreadInjectionDetector 996 | - https://github.com/hkhk366/Memory_Codes_Injection 997 | - https://github.com/chango77747/ShellCodeInjector_MsBuild 998 | - https://github.com/Zer0Mem0ry/ManualMap 999 | - https://github.com/secrary/InfectPE 1000 | - https://github.com/zodiacon/DllInjectionWithThreadContext 1001 | - https://github.com/NtOpcode/RtlCreateUserThread-DLL-Injection 1002 | - https://github.com/hasherezade/chimera_loader 1003 | - https://github.com/Ciantic/RemoteThreader 1004 | - https://github.com/OlSut/Kinject-x64 1005 | - https://github.com/tandasat/RemoteWriteMonitor 1006 | - https://github.com/stormshield/Beholder-Win32 1007 | - https://github.com/secrary/InjectProc 1008 | - https://github.com/AzureGreen/InjectCollection 1009 | - https://github.com/uItra/Injectora 1010 | - https://github.com/rootm0s/Injectors 1011 | - https://github.com/Spajed/processrefund 1012 | - https://github.com/al-homedawy/InjecTOR 1013 | - https://github.com/OlSut/Kinject-x64 1014 | - https://github.com/stormshield/Beholder-Win32 1015 | - https://github.com/yifiHeaven/MagicWall 1016 | 1017 | ## WoW64 <-> x64 1018 | 1019 | - 
https://github.com/wolk-1024/WoW64Utils 1020 | - https://github.com/dadas190/Heavens-Gate-2.0 1021 | - https://github.com/leecher1337/ntvdmx64 1022 | - https://github.com/hyzhangzhy/WindowX 1023 | - https://github.com/georgenicolaou/HeavenInjector 1024 | - https://github.com/georgenicolaou/W64oWoW64 1025 | - https://github.com/Rprop/X86Call 1026 | - https://github.com/rwfpl/rewolf-wow64ext 1027 | - https://github.com/ovidiuvio/libntdbg 1028 | - https://github.com/haidragon/x86tox64 1029 | - https://github.com/3gstudent/CreateRemoteThread 1030 | - https://github.com/RaMMicHaeL/Textify 1031 | 1032 | ## anti autorun 1033 | 1034 | - https://github.com/analyst004/autorun 1035 | 1036 | ## anti dll inject 1037 | 1038 | - https://0cch.com/2015/04/10/e998b2e6ada2global-windows-hookse6b3a8e585a5e79a84e4b880e4b8aae696b9e6b395/ (global hook) 1039 | - https://blog.csdn.net/songjinshi/article/details/7808561 (message hook) 1040 | - https://blog.csdn.net/songjinshi/article/details/7808624 (message hook) 1041 | - https://github.com/mq1n/DLLThreadInjectionDetector 1042 | - https://github.com/analyst004/antinject 1043 | - https://github.com/ExpLife/BotKiller 1044 | 1045 | ## load Dll from memory 1046 | 1047 | - https://github.com/hasherezade/module_overloading 1048 | - https://github.com/UserExistsError/DllLoaderShellcode 1049 | - https://github.com/jnastarot/native_peloader 1050 | - https://github.com/fancycode/MemoryModule 1051 | - https://github.com/strivexjun/MemoryModulePP 1052 | 1053 | ## Unpack dll load in runtime 1054 | 1055 | - https://github.com/1ce0ear/DllLoaderUnpacker 1056 | 1057 | ## dll hijack 1058 | 1059 | - https://github.com/itm4n/CDPSvcDllHijacking 1060 | - https://github.com/Cybereason/siofra (identify and exploit) 1061 | - https://github.com/anhkgg/SuperDllHijack 1062 | - https://github.com/strivexjun/AheadLib-x86-x64 1063 | - https://github.com/zeffy/proxydll_template 1064 | 1065 | ## com hijack 1066 | 1067 | - https://github.com/leoloobeek/COMProxy 1068 | - 
https://github.com/enigma0x3/MessageBox 1069 | 1070 | ## anti dll hijack 1071 | 1072 | - https://github.com/fortiguard-lion/anti-dll-hijacking 1073 | 1074 | ## process hollowing 1075 | 1076 | - https://github.com/xfgryujk/InjectExe 1077 | - https://github.com/m0n0ph1/Basic-File-Crypter 1078 | - https://github.com/Spajed/processrefund 1079 | - https://github.com/KernelMode/Process_Doppelganging 1080 | - https://github.com/hasherezade/process_doppelganging 1081 | - https://github.com/m0n0ph1/Process-Hollowing 1082 | - https://github.com/KernelMode/RunPE-ProcessHollowing 1083 | - https://github.com/KernelMode/RunPE_Detecter 1084 | 1085 | ## pe loader 1086 | 1087 | - https://github.com/FrankStain/pe-loader 1088 | - https://github.com/VideoCardGuy/PELoader 1089 | 1090 | ## memory pe dumper 1091 | 1092 | - https://github.com/glmcdona/Process-Dump 1093 | 1094 | ## dll map detection 1095 | 1096 | - https://github.com/vmcall/MapDetection 1097 | 1098 | ## dll to shellcode 1099 | 1100 | - https://github.com/w1nds/dll2shellcode 1101 | 1102 | ## dll to exe 1103 | 1104 | - https://github.com/hasherezade/dll_to_exe 1105 | 1106 | ## hide process 1107 | 1108 | - https://github.com/M00nRise/ProcessHider 1109 | 1110 | ## hide & delete dll 1111 | 1112 | - https://github.com/strivexjun/HideDll 1113 | - https://github.com/wyyqyl/HideModule 1114 | 1115 | ## load driver from memory 1116 | 1117 | - https://github.com/ZhuHuiBeiShaDiao/DriverMaper 1118 | - https://github.com/fadetrack/KernelMemoryModule (Enable Exception) 1119 | - https://github.com/not-wlan/driver-hijack 1120 | - https://github.com/Professor-plum/Reflective-Driver-Loader 1121 | 1122 | ## bypass memory scanner 1123 | 1124 | - https://github.com/Microwave89/rtsectiontest 1125 | 1126 | ## KeUserModeCallBack 1127 | 1128 | - https://github.com/Sqdwr/KeUserModeCallBack 1129 | 1130 | ## callback 1131 | 1132 | - https://github.com/socjordi/sauron 1133 | - https://github.com/OSRDrivers/kmexts (callbacks) 1134 | - 
- https://github.com/godaddy/procfilter (yara-integrated)
- https://github.com/McSimp/unfairplay
- https://github.com/jjdredd/procsentinel (verify the address space of a process)
- https://github.com/SanseoLab/simpleAVdriver
- https://github.com/SanseoLab/ProcLogger
- https://github.com/notscimmy/libelevate
- https://github.com/ZhuHuiBeiShaDiao/ObRegisterCallBacksByPass
- https://github.com/Sqdwr/RemoveCallBacks
- https://github.com/JKornev/hidden
- https://github.com/binbibi/CallbackEx
- https://github.com/swwwolf/cbtest
- https://github.com/nmgwddj/Learn-Windows-Drivers
- https://github.com/SamLarenN/CallbackDisabler

## keyboard filter

- https://github.com/supermanc88/KeyboardEncrypt

## usb filter

- https://github.com/GoodstudyChina/USBlocker

## sfilter

- https://github.com/JokerRound/FlieSystemFilter
- https://github.com/haidragon/sfilter

## minifilter

- https://github.com/lxt1045/FileLogger
- https://github.com/vitalikpi/FileWall
- https://github.com/Mermeze/System-Monitor
- https://github.com/cn505240/lightweight-reactive-snapshot-service
- https://github.com/aviadyifrah/NAGuard
- https://github.com/y0n0622/DriversCode
- https://github.com/NotSurprised/MiniLogger
- https://github.com/hidd3ncod3s/hipara
- https://github.com/NtRaiseHardError/Providence
- https://github.com/maaaaz/mimicertz
- https://github.com/MUmesha/SecureFile
- https://github.com/anystayisjk/WordEncrypt
- https://github.com/anystayisjk/EncryptEngine
- https://github.com/yedushusheng/FileEncryption
- https://github.com/JokerMars/engine
- https://github.com/icedxu/Monitor
- https://github.com/smartinm/diskcryptor (disk encrypt)
- https://github.com/hedgeh/SEWindows (HIPS)
- https://github.com/474172261/DataProtector
- https://github.com/CynicalApe/Minifilter-CSHARP-ConsoleApp
- https://github.com/NtRaiseHardError/Anti-Delete (File anti delete)
- https://github.com/Randomize163/FSDefender
- https://github.com/ETEFS/ETEFS_Mini
- https://github.com/gfleury/ProtegeDados_ProjetoFinal
- https://github.com/denisvieriu/Portable-Executable-Minifilter-Driver
- https://github.com/surajfale/passthrough-minifilter-driver
- https://github.com/louk78/Virgo
- https://github.com/tandasat/Scavenger
- https://github.com/dubeyprateek/HideFiles
- https://github.com/aleksk/LazyCopy
- https://github.com/guidoreina/minivers
- https://github.com/idkwim/mfd
- https://github.com/Coxious/Antinvader
- https://github.com/fishfly/X70FSD
- https://github.com/ExpLife/BKAV.Filter

## anti Ransomware

- https://github.com/NtRaiseHardError/Antimalware-Research
- https://github.com/clavis0x/AntiRansomware
- https://github.com/DecryptoniteTeam/Decryptonite
- https://github.com/ofercas/ransomware_begone

## virtual disk

- https://github.com/zhaozhongshu/winvblock_vs
- https://github.com/yogendersolanki91/Kernel-Driver-Example

## virtual file system

- https://github.com/ufrisk/MemProcFS (The Memory Process File System)
- https://github.com/TanninOne/usvfs
- https://github.com/ExpLife/CodeUMVFS
- https://github.com/yogendersolanki91/ProcessFileSystem
- https://github.com/BenjaminKim/dokanx

## lpc

- https://github.com/avalon1610/LPC

## alpc

- https://github.com/LoukaMB/Beacon
- https://github.com/avalon1610/ALPC

## lsp/spi

- https://github.com/TinkerBravo/SPIRemove
- https://github.com/AnwarMohamed/Packetyzer

## afd

- https://github.com/batteryshark/AfdProxy
- https://github.com/xiaomagexiao/GameDll
- https://github.com/DeDf/afd
- https://github.com/a252293079/NProxy

## tdi

- https://github.com/wanttobeno/wmifilter
- https://github.com/xue-blood/adfilter
- https://github.com/alex9191/NetDriver (send & receive HTTP requests)
- https://github.com/alex9191/ZeroBank-ring0-bundle
- https://github.com/Sha0/winvblock
- https://github.com/michael4338/TDI
- https://github.com/cullengao/tdi_monitor
- https://github.com/uniking/TDI-Demo
- https://github.com/codereba/netmon

## wfp

- https://github.com/gifur/NetworkMnt
- https://github.com/guidoreina/http_inspect
- https://github.com/ZhanLang/netmonsys
- https://github.com/reinhardvz/enumwfp
- https://github.com/BOT-Man-JL/WFP-Traffic-Redirection-Driver
- https://github.com/henrypp/simplewall
- https://github.com/dfct/PortMapper (Port Map)
- https://github.com/TinkerBravo/WFPKit
- https://github.com/Arno0x/DivertTCPconn
- https://github.com/mullvad/libwfp
- https://github.com/ss-abramchuk/OpenVPNAdapter/blob/f016614ed3dec30672e4f1821344b7992825a98d/OpenVPN%20Adapter/Vendors/openvpn/openvpn/tun/win/wfp.hpp
- https://github.com/itari/vapu
- https://github.com/ValdikSS/GoodbyeDPI
- https://github.com/basil00/Divert
- https://github.com/WPO-Foundation/win-shaper
- https://github.com/raymon-tian/WFPFirewall
- https://github.com/killbug2004/HashFilter
- https://docs.microsoft.com/zh-cn/windows-hardware/drivers/network/porting-packet-processing-drivers-and-apps-to-wfp
- https://github.com/thecybermind/ipredir

## ndis

- https://github.com/pr0v3rbs/MalSiteBlocker
- https://github.com/Beamer-LB/netmap/tree/stable/WINDOWS
- https://github.com/ndemarinis/ovs/tree/22a1ba42f8137cd3532b54880b19b51d4b87440d/datapath-windows/ovsext
- https://github.com/markjandrews/CodeMachineCourse/tree/5473d4ea808791c2a048f2c8c9c86f011a6da5e8/source/kerrkt.labs/labs/NdisLwf
- https://github.com/openthread/openthread/tree/master/examples/drivers/windows
- https://github.com/Hartigan/Firewall
- https://github.com/zy520321/ndis-filter
- https://github.com/yuanmaomao/NDIS_Firewall
- https://github.com/SoftEtherVPN/Win10Pcap
- https://github.com/IsoGrid/NdisProtocol
- https://github.com/lcxl/lcxl-net-loader
- https://www.ntkernel.com/windows-packet-filter/
- https://github.com/michael4338/NDIS
- https://github.com/IAmAnubhavSaini/ndislwf
- https://github.com/OpenVPN/tap-windows6
- https://github.com/SageAxcess/pcap-ndis6
- https://github.com/uniking/NDIS-Demo
- https://github.com/mkdym/NDISDriverInst
- https://github.com/debugfan/packetprot
- https://github.com/Iamgublin/NDIS6.30-NetMonitor
- https://github.com/nmap/npcap
- https://github.com/Ltangjian/FireWall
- https://github.com/Microsoft/Windows-driver-samples/tree/master/network/config/bindview
- https://github.com/brorica/http_inject (winpcap)

## game accelerator

- https://github.com/NetchX/Netch

## wsk

- https://github.com/adrianyy/rw_socket_driver
- https://github.com/wbenny/KSOCKET
- https://github.com/xalley/WskHttp
- https://github.com/reinhardvz/wsk
- https://github.com/akayn/kbMon
- https://github.com/02strich/audionet
- https://github.com/mestefy/securityplus
- https://github.com/skycipher/CNGProvider

## rootkits

- https://github.com/Mr-Un1k0d3r/SCShell
- https://github.com/realoriginal/doublepulsar-poc
- https://github.com/zouxianyu/PhysicalMemoryRW
- https://github.com/zouxianyu/KernelHiddenExecute
- https://github.com/isoadam/gina_public
- https://github.com/GayPig/driverless-basic-driver
- https://github.com/zerosum0x0/smbdoor
- https://github.com/Alex3434/wmi-static-spoofer
- https://github.com/KIDofot/BypassDriverDetection_And_Kill360Process
- https://github.com/longmode/UTKModule
- https://github.com/nkga/cheat-driver (read/write memory of arbitrary processes)
- https://github.com/lantaoxu/HWIDFaker (hwid fake)
- https://github.com/zerosum0x0/puppetstrings
- https://github.com/Synestraa/Highcall-Library (Highcall)
- https://github.com/Microwave89/drvtricks
- https://github.com/Psychotropos/xhunter1_privesc (XIGNCODE3)
- https://github.com/ionescu007/r0ak (RWE)
- https://github.com/cyberweapons/cyberweapons
- https://github.com/huoji120/AV-Killer
- https://github.com/Sqdwr/DeleteFile
- https://github.com/Sqdwr/DeleteFileByCreateIrp
- https://github.com/Mattiwatti/PPLKiller
- https://github.com/bfosterjr/ci_mod
- https://github.com/HoShiMin/EnjoyTheRing0
- https://github.com/hfiref0x/ZeroAccess
- https://github.com/hackedteam/driver-win32
- https://github.com/hackedteam/driver-win64
- https://github.com/csurage/Rootkit
- https://github.com/bowlofstew/rootkit.com
- https://github.com/Nervous/GreenKit-Rootkit
- https://github.com/bytecode-77/r77-rootkit
- https://github.com/Cr4sh/WindowsRegistryRootkit
- https://github.com/Alifcccccc/Windows-Rootkits
- https://github.com/Schnocker/NoEye
- https://github.com/christian-roggia/open-myrtus
- https://github.com/Cr4sh/DrvHide-PoC
- https://github.com/mstefanowich/SquiddlyDiddly2
- https://github.com/MalwareTech/FakeMBR
- https://github.com/Cr4sh/PTBypass-PoC
- https://github.com/psaneme/Kung-Fu-Malware
- https://github.com/hasherezade/persistence_demos
- https://github.com/MinhasKamal/TrojanCockroach
- https://github.com/akayn/kbMon

## mbr

- https://github.com/Cisco-Talos/MBRFilter

## bootkits

- https://github.com/DeviceObject/rk2017
- https://github.com/DeviceObject/ChangeDiskSector
- https://github.com/DeviceObject/Uefi_HelloWorld
- https://github.com/DeviceObject/ShitDrv
- https://github.com/DeviceObject/DarkCloud
- https://github.com/nyx0/Rovnix
- https://github.com/MalwareTech/TinyXPB
- https://github.com/m0n0ph1/Win64-Rovnix-VBR-Bootkit
- https://github.com/NextSecurity/Gozi-MBR-rootkit
- https://github.com/NextSecurity/vector-edk
- https://github.com/ahixon/booty

## uefi/smm

- https://github.com/SunnyKi/bareBoot
- https://github.com/DeviceObject/Uefi_HelloWorld
- https://github.com/LongSoft/UEFITool
- https://github.com/dude719/UEFI-Bootkit
- https://github.com/quarkslab/dreamboot
- https://github.com/gyje/BIOS_Rootkit
- https://github.com/scumjr/the-sea-watcher
- https://github.com/zhuyue1314/stoned-UEFI-bootkit
- https://github.com/hackedteam/vector-edk
- https://github.com/Cr4sh/SmmBackdoor
- https://github.com/Cr4sh/PeiBackdoor
- https://github.com/Cr4sh/fwexpl

## bootloader

- https://github.com/apriorit/custom-bootloader

## smc

- https://github.com/marcusbotacin/Self-Modifying-Code

## anti debug

- https://github.com/sharepub/CheckVM-Sandbox
- https://github.com/nihilboy/anti
- https://github.com/atlantis2013/Evasion-Tools
- https://github.com/AlicanAkyol/sems
- https://github.com/strivexjun/XAntiDebug
- https://github.com/marcusbotacin/Anti.Analysis
- https://github.com/LordNoteworthy/al-khaser
- https://github.com/eschweiler/ProReversing

## crypters

- https://github.com/m0n0ph1/FileCrypter
- https://github.com/iGh0st/Crypters

## malware

- https://github.com/vxunderground/Vx-Engines
- https://github.com/rokups/virtual-reality (backdoor)
- https://github.com/InQuest/malware-samples
- https://github.com/mstfknn/malware-sample-library
- https://github.com/Darkabode/possessor
- https://github.com/Darkabode/zerokit
- https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp (C#)
- https://github.com/zerosum0x0/koadic (JScript RAT)
- https://github.com/malwaredllc/bamf
- https://github.com/malwaredllc/byob (py)
- https://github.com/fereh/tacekit
- https://github.com/eset/malware-ioc
- https://github.com/lianglixin/RemoteControl-X3
- https://github.com/Souhardya/UBoat (HTTP)
- https://github.com/malwares/Botnet
- https://github.com/RafaelGSS/HyzMall
- https://github.com/DeadNumbers/Pegasus
- https://github.com/mdsecactivebreach/SharpShooter
- https://github.com/mwsrc/XtremeRAT
- https://github.com/mwsrc/Schwarze-Sonne-RAT (delphi)
- https://github.com/Mr-Un1k0d3r/ThunderShell (powershell)
- https://github.com/DimChris0/LoRa
- https://github.com/marcusbotacin/Malware.Multicore
- https://github.com/bxlcity/malware
- https://github.com/grcasanova/SuperVirus
- https://github.com/hackedteam/core-win32
- https://github.com/hackedteam/scout-win
- https://github.com/hackedteam/vector-dropper

## EternalBlue && Doublepulsar && Mine

- https://github.com/xmrig/xmrig
- https://github.com/TolgaSEZER/EternalPulse

## shellcode analysis

- https://github.com/OALabs/BlobRunner

## malware analysis

- https://github.com/G4rb3n/Malware-Killer
- https://github.com/G4rb3n/Malware-Picture
- https://github.com/a232319779/mmdt
- https://github.com/Formyown/Alesense-Antivirus (nice demo)
- https://github.com/ctxis/capemon (Config And Payload Extraction)
- https://github.com/tdevuser/MalwFinder
- https://github.com/MalwareCantFly/Vba2Graph
- https://github.com/unexpectedBy/Automated-Malware-Analysis-List
- https://github.com/wchen-r7/amsiscanner (Microsoft's Antimalware Scan Interface)
- https://github.com/kevthehermit/RATDecoders
- https://github.com/marcusbotacin/Malware.Variants
- https://github.com/marcusbotacin/Hardware-Assisted-AV
- https://github.com/gentilkiwi/spectre_meltdown
- https://github.com/gentilkiwi/wanadecrypt
- https://github.com/bloomer1016
- https://github.com/CHEF-KOCH/malware-research
- https://github.com/gentilkiwi/wanakiwi

## av evasion

- https://github.com/nccgroup/Winpayloads
- https://github.com/TideSec/BypassAntiVirus
- https://github.com/jthuraisamy/SysWhispers
- https://github.com/huoji120/Antivirus_R3_bypass_demo
- https://github.com/paranoidninja/CarbonCopy

## arktools

- https://github.com/antiwar3/py
- https://github.com/weixu8/pcmonitor (kpolarssl)
- https://github.com/mohuihui/antispy
- https://github.com/DavidXanatos/TaskExplorer
- https://github.com/BlackINT3/OpenArk
- https://github.com/basketwill/Sysmon_reverse
- https://github.com/ZhuHuiBeiShaDiao/KernelHooksDetection_x64
- https://github.com/AxtMueller/Windows-Kernel-Explorer
- https://github.com/hedgeh/SEWindows (doc: hedgeh.github.io/startup.html)
- https://github.com/glmcdona/MALM
- https://github.com/ahmad-siavashi/Ana-Process-Explorer
- https://github.com/alex9191/KernelModeMonitor
- https://github.com/marcosd4h/memhunter
- https://github.com/gleeda/memtriage
- https://github.com/KernelMode/Process_Dop
- https://github.com/hm200958/kmdf--analyse
- https://github.com/AzureGreen/WinNT-Learning
- https://github.com/marcusbotacin/BranchMonitoringProject
- https://github.com/AzureGreen/ArkProtect
- https://github.com/AzureGreen/ArkToolDrv
- https://github.com/HollyDi/PCAssistant
- https://github.com/ChengChengCC/Ark-tools
- https://github.com/swatkat/arkitlib
- https://github.com/swwwolf/wdbgark
- https://github.com/zibility/Anti-Rootkits
- https://github.com/SLAUC91/AntiCheat
- https://github.com/sincoder/A-Protect
- https://github.com/apriorit/antirootkit-anti-splicer
- https://github.com/kedebug/ScDetective
- https://github.com/PKRoma/ProcessHacker
- https://github.com/AndreyBazhan/DbgExt
- https://github.com/comaeio/SwishDbgExt
- https://github.com/ExpLife/atomic-red-team
- https://github.com/shenghe/pcmanager
- https://github.com/lj1987new/guardlite
- https://github.com/hackshields/antivirus/
- https://github.com/AntiRootkit/BDArkit

## bypass patchguard

- https://github.com/zhuhuibeishadiao/PatchGuardResearch
- https://github.com/can1357/ByePg
- https://github.com/zzhouhe/PG1903
- https://github.com/9176324/Shark
- https://github.com/hfiref0x/UPGDSED
- https://github.com/tandasat/PgResarch
- https://github.com/killvxk/DisableWin10PatchguardPoc
- https://github.com/tandasat/findpg
- https://github.com/zer0mem/HowToBoostPatchGuard
- https://bbs.pediy.com/thread-214582.htm

## bypass dse

- https://github.com/alxbrn/gdrv-loader
- https://github.com/Mattiwatti/EfiGuard
- https://github.com/hfiref0x/TDL
- https://github.com/hfiref0x/DSEFix

## HackSysExtremeVulnerableDriver

- https://github.com/redogwu/windows_kernel_exploit
- https://github.com/mgeeky/HEVD_Kernel_Exploit
- https://www.fuzzysecurity.com/tutorials.html
- https://rootkits.xyz/blog/
- https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
- https://github.com/k0keoyo/HEVD-Double-Free-PoC
- https://github.com/k0keoyo/HEVD-Arbitrary-Overwrite-Exploit-Win10-rs3
- https://github.com/tekwizz123/HEVD-Exploit-Solutions
- https://github.com/k0keoyo/try_exploit
- https://github.com/Cn33liz/HSEVD-VariousExploits
- https://github.com/Cn33liz/HSEVD-StackOverflow
- https://github.com/Cn33liz/HSEVD-StackOverflowX64
- https://github.com/Cn33liz/HSEVD-StackCookieBypass
- https://github.com/Cn33liz/HSEVD-ArbitraryOverwriteGDI
- https://github.com/Cn33liz/HSEVD-StackOverflowGDI
- https://github.com/Cn33liz/HSEVD-ArbitraryOverwriteLowIL
- https://github.com/Cn33liz/HSEVD-ArbitraryOverwrite
- https://github.com/akayn/demos

## windows exploits

- https://github.com/peleghd/Windows-10-Exploitation
- https://github.com/NAXG/cve_2019_0708_bluekeep_rce (RDP)
- https://github.com/wchen-r7/VulnCases (cases)
- https://github.com/rockmelodies/CVE-2019-0708-Exploit (RDP)
- https://github.com/admintony/svnExploit
- https://github.com/smgorelik/Windows-RCE-exploits
- https://github.com/WindowsExploits/Exploits
- https://github.com/codewhitesec/UnmarshalPwn
- https://github.com/shellphish/how2heap
- https://github.com/externalist/exploit_playground
- https://github.com/cervoise/Abuse-bash-for-windows

## linux exploits

- https://github.com/ylcangel/exploits

## windows kernel exploits

- https://github.com/gdabah/win32k-bugs
- https://github.com/SouhailHammou/Drivers (ATP bypass)
- https://www.unknowncheats.me/forum/anti-cheat-bypass/334557-vulnerable-driver-megathread.html?nsukey=CkSGplDUMAWaGbr8btXXDeNqNyzCau83773dZHbUgTD2KbfFsN4ReqwwjwB1TE2jjUz0HHSUQSrvX7JZ%2BtA0RPQFg5pWsGwlyCVT6EW1cF8Y%2BDfa%2Fd8KHdi%2FFG5mj6oTcKaCfR%2BQmUANoXeWHbzursQ68JQdcT5zfCKwgR7ZutAla5N%2FHH8448BpwB4nKJuBB0ns7Ex0vVB7O8j%2BkcFaug%3D%3D
- https://github.com/n3k/EKOParty2015_Windows_SMEP_Bypass (SMEP bypass)
- https://github.com/saaramar/execve_exploit (WSL)
- https://github.com/siberas/CVE-2016-3309_Reloaded
- https://github.com/moccajoghurt/drvmap_secure
- https://github.com/fishstiqz/poolinfo
- https://github.com/cbayet/Exploit-CVE-2017-6008
- https://github.com/cbayet/PoolSprayer (pool spray)
- https://github.com/DownWithUp/CVE-2018-15499 (race condition)
- https://github.com/SandboxEscaper/randomrepo (win10 LPE)
- https://github.com/jackson5-sec/TaskSchedLPE (LPE)
- https://github.com/HarsaroopDhillon/AHNLab-0day (LPE)
- https://github.com/paranoidninja/Pandoras-Box
- https://github.com/MarkHC/HandleMaster
- https://github.com/can1357/physical_mem_controller
- https://github.com/can1357/safe_capcom
- https://github.com/can1357/CVE-2018-8897
- https://github.com/JeremyFetiveau/Exploits
- https://github.com/hfiref0x/Stryker
- https://github.com/swwwolf/obderef
- https://github.com/k0keoyo/CVE-2017-0038-EXP-C-JS
- https://github.com/k0keoyo/Vir.IT-explorer-Anti-Virus-Null-Pointer-Reference-PoC
- https://github.com/k0keoyo/Driver-Loaded-PoC
- https://github.com/k0keoyo/try_exploit
- https://github.com/k0keoyo/CVE-2015-2546-Exploit
- https://github.com/k0keoyo/Dark_Composition_case_study_Integer_Overflow
- https://github.com/tinysec/vulnerability
- https://github.com/akayn/demos
- https://github.com/abatchy17/WindowsExploits
- https://github.com/recodeking/WindowsExploitation
- https://github.com/GDSSecurity/Windows-Exploit-Suggester
- https://github.com/rwfpl/rewolf-pcausa-exploit
- https://github.com/ratty3697/HackSpy-Trojan-Exploit
- https://github.com/SecWiki/windows-kernel-exploits
- https://github.com/sensepost/ms16-098
- https://github.com/shjalayeri/sysret
- https://github.com/sam-b/windows_kernel_resources
- https://github.com/sensepost/gdi-palettes-exp
- https://github.com/ExpLife/ByPassCfg
- https://github.com/Rootkitsmm/WinIo-Vidix
- https://github.com/andrewkabai/vulnwindrv
- https://github.com/mwrlabs/CVE-2016-7255
- https://github.com/SamLarenN/CapcomDKOM
- https://github.com/zerosum0x0/puppetstrings
- https://github.com/zerosum0x0/ShellcodeDriver
- https://github.com/progmboy/kernel_vul_poc
- https://github.com/rwfpl/rewolf-msi-exploit
- https://github.com/Rootkitsmm/Win10Pcap-Exploit
- https://github.com/Rootkitsmm/MS15-061
- https://github.com/Rootkitsmm/cve-2016-0040
- https://github.com/Rootkitsmm/CVEXX-XX
- https://github.com/Trietptm-on-Security/bug-free-adventure
- https://github.com/sam-b/CVE-2014-4113
- https://github.com/Rootkitsmm/OpenVpn-Pool-Overflow
- https://github.com/Rootkitsmm/UnThreatAVDriver-DOS
- https://github.com/Cr4sh/ThinkPwn
- https://github.com/hfiref0x/CVE-2015-1701
- https://github.com/tyranid/windows-logical-eop-workshop
- https://github.com/google/sandbox-attacksurface-analysis-tools
- https://github.com/tyranid/ExploitRemotingService
- https://github.com/tyranid/DeviceGuardBypasses
- https://github.com/tyranid/ExploitDotNetDCOM
- https://github.com/hatRiot/token-priv (EOP)
- https://github.com/weizn11/MS17010_AllInOne
- https://github.com/TeskeVirtualSystem/MS17010Test

## LPE

- https://github.com/itm4n/UsoDllLoader
- https://github.com/DoubleLabyrinth/SdoKeyCrypt-sys-local-privilege-elevation
- https://github.com/AlessandroZ/BeRoot
- https://github.com/HackerPide/The-Division-Bypass (division bypass)
- https://github.com/khr0x40sh/WhiteListEvasion
- https://github.com/ohpe/juicy-potato
- https://github.com/nmulasmajic/syscall_exploit_CVE-2018-8897
- https://github.com/codewhitesec/UnmarshalPwn
- https://ohpe.github.io/juicy-potato/

## linux exploit

- https://github.com/Lazenca/Exploit-tech
- https://github.com/Lazenca/Kernel-exploit-tech

## office exploit

- https://github.com/houjingyi233/office-exploit-case-study
- https://github.com/rxwx/CVE-2017-8570

## flash exploit

- https://github.com/brianwrf/CVE-2017-4878-Samples

## sandbox

- https://github.com/Cisco-Talos/pyrebox
- https://github.com/taiFansou/Proteibox

## sandbox escape

- https://github.com/b4rtik/ATPMiniDump
- https://github.com/ray-cp/vm-escape
- https://github.com/xairy/vmware-exploitation
- https://github.com/649/Chrome-Sandbox-Exploit
- https://github.com/SilverMoonSecurity/SandboxEvasion
- https://github.com/exAphex/SandboxEscape
- https://github.com/Fel0ny/Sandbox-Detection
- https://github.com/CheckPointSW/InviZzzible
- https://github.com/MalwareTech/AppContainerSandbox
- https://github.com/tyranid/IE11SandboxEscapes
- https://github.com/google/sandbox-attacksurface-analysis-tools
- https://github.com/conix-security/zer0m0n
- https://github.com/iceb0y/windows-container
- https://github.com/s7ephen/SandKit
- https://github.com/D4Vinci/Dr0p1t-Framework
- https://github.com/cryptolok/MorphAES
- https://github.com/mtalbi/vm_escape
- https://github.com/unamer/vmware_escape
- https://github.com/erezto/lua-sandbox-escape
- https://github.com/brownbelt/Edge-sandbox-escape
- https://github.com/shakenetwork/vmware_escape
- https://github.com/Cr4sh/prl_guest_to_host

## anti exploit

- https://github.com/shjalayeri/Pwnypot
- https://github.com/shjalayeri/MCEDP
- https://github.com/Empier/Anti-Exploit

## cve

- https://github.com/ollypwn/CVE-2020-0601
- https://github.com/bluefrostsecurity/CVE-2019-1215 (LPE)
- https://github.com/apt69/COMahawk
- https://github.com/DownWithUp/CVE-Stockpile
- https://github.com/badd1e/Disclosures
- https://github.com/Barakat/CVE-2019-16098 (LPE)
- https://github.com/qazbnm456/awesome-cve-poc#cve-2016-3088
- https://github.com/Vlad-tri/CVE-2019-1132
- https://github.com/RingLcy/VulnerabilityAnalysisAndExploit
- https://github.com/thepwnrip/leHACK-Analysis-of-CVE-2018-8453
- https://github.com/o0xmuhe/RealWorldPwn
- https://github.com/sophoslabs/CVE-2019-0888 (ADO UAF)
- https://github.com/Iamgublin/CVE-2019-0803 (LPE)
- https://github.com/ze0r/cve-2019-0808-poc
- https://github.com/Ridter/acefile
- https://github.com/Ridter/Exchange2domain
- https://github.com/ze0r/cve-2018-8453-exp
- https://github.com/gravitational/cve-2018-1002105
- https://github.com/LyleMi/dom-vuln-db
- https://github.com/renorobert/virtualbox-cve-2018-2844
- https://github.com/LiuCan01/cve-list-pro
- https://github.com/CVEProject/cvelist

## hips

- https://github.com/secrary/DrSemu
- https://github.com/godaddy/procfilter
- https://github.com/BrunoMCBraga/Kernel-Whisperer
- https://malwaretips.com/threads/av-self-protection-process-c-c.66200/
- https://github.com/zareprj/JAV-AV-Engine
- https://github.com/0xdabbad00/OpenHIPS
- https://github.com/ExpLife/Norton_AntiVirus_SourceCode
- https://github.com/majian55555/MJAntiVirusEngine
- https://github.com/develbranch/TinyAntivirus
- https://github.com/tandasat/EopMon
- https://github.com/tandasat/MemoryMon

## windows hypervisor

- https://github.com/FoxHex0ne/HyperViper
- https://github.com/comaeio/LiveCloudKd
- https://github.com/0vercl0k/pywinhv
- https://github.com/gamozolabs/falkervisor_grilled_cheese
- https://github.com/redogwu/hyper-v
- https://github.com/Ekrte/hithithit
- https://github.com/Microsoft/FirewallEventMonitor
- https://github.com/ionescu007/Simpleator
- https://github.com/StrikerX3/whvpclient

## kvm

- https://github.com/david942j/kvm-kernel-example

## vt

- https://github.com/chillancezen/ZeldaOS.x86_64
- https://github.com/9176324/Daat
- https://github.com/eyalz800/zpp_hypervisor
- https://github.com/stonedreamforest/Mirage
- https://github.com/IgorKorkin/MemoryRanger
- https://github.com/hrbust86/SvmNest
- https://github.com/Kelvinhack/DeviceMon
- https://github.com/Kelvinhack/NoTruth
- https://github.com/udosteinberg/NOVA
- https://github.com/changeofpace/VivienneVMM (stealthy debugging framework)
- https://github.com/tklengyel/drakvuf
- https://github.com/gamozolabs/applepie
- https://github.com/haidragon/newbluepill
- https://github.com/Gbps/gbhv
- https://github.com/ionescu007/SimpleVisor
- https://github.com/xdel/bluepillstudy
- https://github.com/SinaKarvandi/Hypervisor-From-Scratch
- https://github.com/wbenny/hvpp
- https://github.com/Sqdwr/Multi_CPU_VtBase
- https://github.com/marche147/IoctlMon
- https://github.com/zer0mem/MiniHyperVisorProject
- https://github.com/zer0mem/ShowMeYourGongFu
- https://github.com/zer0mem/HyperVisor
- https://github.com/marche147/SimpleVT
- https://github.com/DarthTon/HyperBone
- https://github.com/nick-kvmhv/splittlb
- https://github.com/zareprj/Vmx_Prj
- https://github.com/ZhuHuiBeiShaDiao/MiniVTx64
- https://github.com/tandasat/HyperPlatform
- https://github.com/hzqst/Syscall-Monitor
- https://github.com/asamy/ksm
- https://github.com/in12hacker/VT_64_EPT
- https://github.com/ZhuHuiBeiShaDiao/PFHook
- https://github.com/tandasat/FU_Hypervisor
- https://github.com/tandasat/DdiMon
- https://github.com/tandasat/GuardMon
- https://github.com/yqsy/VT_demo
- https://github.com/OkazakiNagisa/VTbasedDebuggerWin7
- https://github.com/Ouroboros/JuusanKoubou
- https://github.com/aaa1616/Hypervisor
- https://github.com/Nukem9/VirtualDbg
- https://github.com/Nukem9/VirtualDbgHide
- https://github.com/cheat-engine/cheat-engine
- https://github.com/Kelvinhack/kHypervisor

## firmware

- https://github.com/platomav/MEAnalyzer

## fuzzer

- https://github.com/vanhauser-thc/AFLplusplus (AFLPlusPlus)
- https://github.com/zhunki/Superion
- https://github.com/uds-se/fuzzingbook
- https://github.com/wcventure/WasmFuzz
- https://github.com/wcventure/FuzzingPaper (paper)
- https://github.com/FoxHex0ne/Silfen
- https://bbs.pediy.com/thread-255544.htm
- https://bbs.pediy.com/thread-255162.htm (winafl)
- https://github.com/bin2415/fuzzing_paper
- https://github.com/mxmssh/manul
- https://github.com/nccgroup/fuzzowski
- https://github.com/rk700/uniFuzzer (closed-source binaries fuzzer)
- https://github.com/trailofbits/sienna-locomotive
- https://github.com/compsec-snu/razzer
- https://github.com/mwrlabs/ViridianFuzzer (fuzz Hyper-V hypercalls)
- https://github.com/GoSSIP-SJTU/TripleDoggy
- https://github.com/payatu/EMFFuzzer
- https://github.com/googleprojectzero/bochspwn-reloaded
- https://github.com/googleprojectzero/p0tools
- https://github.com/wnagzihxa1n/BrowserSecurity
- https://github.com/Dongdongshe/neuzz
- https://github.com/nickjackson2011/study-TTF_format
- https://github.com/oxagast/ansvif
- https://github.com/hfiref0x/ROCALL
- https://github.com/CERTCC/dranzer (activex/com)
- https://github.com/lcatro/How-to-Read-Source-and-Fuzzing (learn fuzzer)
- https://github.com/sogeti-esec-lab/RPCForge
- https://github.com/RootUp/BFuzz
- https://github.com/necst/crave
- https://github.com/IOActive/FuzzNDIS
- https://github.com/bee13oy/AV_Kernel_Vulns/tree/master/Zer0Con2017
- https://github.com/k0keoyo/kDriver-Fuzzer (Paper: https://whereisk0shl.top/post/2018-01-30)
- https://github.com/koutto/ioctlbf
- https://github.com/Cr4sh/ioctlfuzzer
- https://github.com/Cr4sh/MsFontsFuzz
- https://github.com/hfiref0x/NtCall64
- https://github.com/Rootkitsmm/Win32k-Fuzzer
- https://github.com/mwrlabs/KernelFuzzer
- https://github.com/SignalSEC/kirlangic-ttf-fuzzer
- https://github.com/demi6od/Smashing_The_Browser
- https://github.com/marche147/IoctlMon
- https://github.com/k0keoyo/Some-Kernel-Fuzzing-Paper

## emet

- https://github.com/codingtest/EMET

## hotpatch

- https://github.com/codingtest/windows_hotpatch

## memory hack

- https://github.com/Empier/MemoryEditor

## game

- https://github.com/scarsty/kys-cpp

## game hack

- https://github.com/zH4x/SoT-DLL (esp)
- https://github.com/huoji120/apex_full_cheat
- https://github.com/CasualX/apexbot
- https://github.com/tomLadder/Call-of-Duty-Black-Ops-III-Cheat
- https://github.com/vmcall/battleye_emulation
- https://github.com/JakeDahl/ApexStuff
- https://github.com/luciouskami/LOL-CN-Anti-AntCheat
- https://github.com/danielkrupinski/Osiris (Counter-Strike)
- https://github.com/ApexLegendsUC/anti-cheat-emulator
- https://github.com/EternityX/DEADCELL-CSGO
- https://github.com/adrianyy/EACReversing (EAC)
- https://github.com/EquiFox/KsDumper (process dump from kernel space)
- https://github.com/M-T3K/GameHacking
- https://github.com/nanoric/pkn
- https://github.com/luciouskami/APEX-EACBypass
- https://github.com/fenix01/cheatengine-library (cheatengine library wrapper)
- https://github.com/GoodstudyChina/CSGO-Cheat
- https://github.com/Nixer1337/Nixware-GMOD
- https://github.com/DragonQuestHero/PUBG-PAK-Hacker (BattlEye)
- https://github.com/GameHackingBook/GameHackingCode
- https://github.com/moccajoghurt/MemWars
- https://github.com/dsasmblr/hacking-online-games
- https://github.com/dsasmblr/game-hacking
- https://github.com/daswareinfach/Battleye-VAC-EAC-Kernel-Bypass (BattlEye)
- https://blog.his.cat/a/fuck_battleye.cat (BattlEye)
- https://github.com/Tai7sy/BE_Fuck (BattlEye)
- https://github.com/Synestraa/Highcall-Library
- https://github.com/cheat-engine/cheat-engine
- https://github.com/DreamHacks/dreamdota
- https://github.com/yoie/NGPlug-in
- https://github.com/DevelopKits/proj
- https://github.com/VideoCardGuy/ExpTool_GUI
- https://github.com/VideoCardGuy/Zhihu_SimpleLog
- https://github.com/VideoCardGuy/NewYuGiOh_CheatDLL_x64
- https://github.com/VideoCardGuy/Tetris
- https://github.com/VideoCardGuy/YuGiOh
- https://github.com/VideoCardGuy/SnakeAI
- https://github.com/VideoCardGuy/gitAsktao
- https://github.com/VideoCardGuy/War3Cheat
- https://github.com/VideoCardGuy/AStar_Study
- https://github.com/VideoCardGuy/BnsChina_SetSpeed
- https://github.com/VideoCardGuy/LOLProjects
- https://github.com/VideoCardGuy/PictureMatchGame
- https://github.com/VideoCardGuy/AutoLoginByBnsChina
- https://github.com/VideoCardGuy/MemoryWatchTool
- https://github.com/VideoCardGuy/LOL_China
- https://github.com/mlghuskie/NoBastian
- https://github.com/G-E-N-E-S-I-S/BattlegroundsChams
- https://github.com/luciouskami/XignCode3Bypass
- https://github.com/luciouskami/CS-GO-Simple-Hack
- https://github.com/luciouskami/load-self-mix
- https://github.com/Karaulov/WarcraftIII_DLL_126-127
- https://github.com/TonyZesto/PubgPrivXcode85
- https://github.com/luciouskami/gameguard-for-war3
- https://github.com/PopcornEgg/LOLChangeSkin
- https://github.com/ValveSoftware/ToGL
- https://github.com/Karaulov/War3-SizeLimit-Bypass
- https://github.com/F7eak/Xenon
- https://github.com/syj2010syj/All-Star-Battle-2

## anti cheat

- https://github.com/huoji120/CSGO_CrowAntiCheat
- https://github.com/niemand-sec/Reversing-XignCode3-Driver
- https://github.com/niemand-sec/AntiCheat-Testing-Framework
- https://github.com/GravitLauncher/Avanguard
- https://github.com/Mouka-Yang/AntiCheatProtector
- https://github.com/mq1n/NoMercy
- https://github.com/SagaanTheEpic/Sagaan-AntiCheat-V2.0
- https://github.com/SagaanTheEpic/SAC-Sagaan-AntiCheat-Module-
- https://github.com/SagaanTheEpic/SAC-Anti-Debug
- https://github.com/SagaanTheEpic/SAC-Sagaan-AntiCheat-ModuleThread
- https://github.com/SagaanTheEpic/SAC-Sagaan-AntiCheat-OverlayDetector-
- https://github.com/SagaanTheEpic/Mega-Bypasss
- https://github.com/SagaanTheEpic/SAC-Sagaan-AntiCheat-UserMode-
- https://github.com/SagaanTheEpic/SAC-Sagaan-AntiCheat-Driver-
- https://github.com/SagaanTheEpic/SagaanTheEpic-Millin-Hack-SMH-Kernel
- https://github.com/SagaanTheEpic/LSASS-Usermode-Bypass
- https://github.com/SagaanTheEpic/KernelMode-Bypass
- https://github.com/chinatiny/GameAntiCheat
- https://github.com/jnastarot/anti-cheat
- https://github.com/jnastarot/ice9

## software reverse

- https://github.com/stonedreamforest/re_avkmgr
- https://github.com/stonedreamforest/re_sysdiag

## pe protector

- https://github.com/93aef0ce4dd141ece6f5/Packer
- https://github.com/devilogic/xvirus
- https://github.com/nickcano/RelocBonus
- https://github.com/jnastarot/furikuri

## unpacker

- https://github.com/Phat3/PINdemonium (pin)
- https://github.com/BromiumLabs/PackerAttacker
- http://n10info.blogspot.com/2018/03/xvolkolak-010.html

## emulate code execution

2006 | - https://github.com/sycurelab 2007 | - https://github.com/hzqst/unicorn_pe 2008 | - https://github.com/inaz2/Unico 2009 | - https://github.com/Coldzer0/Cmulator 2010 | 2011 | ## pin 2012 | 2013 | - https://github.com/season-lab/bluepill/ 2014 | - https://github.com/long123king/PE-Replay 2015 | - https://github.com/Fare9/ANBU 2016 | - https://github.com/BreakingMalware/Selfie 2017 | - https://github.com/BreakingMalware/AVulnerabilityChecker 2018 | - https://github.com/hasherezade/MyPinTools 2019 | - https://github.com/hasherezade/tiny_tracer 2020 | - https://github.com/dyninst/dyninst 2021 | 2022 | ## symbolic execution 2023 | 2024 | - https://github.com/cea-sec/miasm 2025 | - https://github.com/illera88/Ponce 2026 | - https://github.com/gaasedelen/lighthouse 2027 | 2028 | ## obfuscation 2029 | 2030 | - https://github.com/DoctorLai/VBScript_Obfuscator 2031 | 2032 | ## deobfuscation 2033 | 2034 | - https://github.com/amimo/ollvm-breaker 2035 | - https://github.com/JonathanSalwan/Tigress_protection 2036 | - https://github.com/1111joe1111/tuts (vmprotect 3+) 2037 | - https://github.com/F8LEFT/DecLLVM 2038 | - https://github.com/mmyydd/relative-pattern 2039 | - https://github.com/SCUBSRGroup/OLLVM_Deobfuscation 2040 | 2041 | ## taint analyse 2042 | 2043 | - https://github.com/cea-sec/miasm (blackhat 2018) 2044 | - https://bbs.pediy.com/thread-230299.htm 2045 | - https://bbs.pediy.com/thread-230105.htm 2046 | - https://bbs.pediy.com/thread-226603.htm 2047 | - https://bbs.pediy.com/thread-224353.htm 2048 | - https://bbs.pediy.com/thread-223849.htm 2049 | - https://github.com/airbus-seclab/bincat 2050 | - https://github.com/SCUBSRGroup/Taint-Analyse 2051 | - https://github.com/airbus-seclab/bincat 2052 | - https://github.com/SCUBSRGroup/Taint-Analyse 2053 | - https://github.com/piscou/FuzzWin 2054 | 2055 | ## bin diff 2056 | 2057 | - https://github.com/joxeankoret/pigaios 2058 | - https://www.zynamics.com/bindiff.html 2059 | - 
https://github.com/joxeankoret/diaphora 2060 | - https://github.com/ExpLife/binarydiffer 2061 | - https://github.com/ExpLife/patchdiff2_ida6 2062 | - https://github.com/ExpLife/patchdiff2 2063 | 2064 | ## debugger 2065 | 2066 | - https://github.com/marakew/syser 2067 | 2068 | ## x64dbg plugin 2069 | 2070 | - https://github.com/horsicq 2071 | - https://github.com/Ahmadmansoor/AdvancedScript 2072 | - https://github.com/changeofpace/Force-Page-Protection 2073 | - https://github.com/secrary/idenLib 2074 | - https://github.com/Gbps/x64dbg-consonance-theme 2075 | - https://github.com/ThunderCls/xAnalyzer 2076 | - https://github.com/mrexodia/TitanHide 2077 | - https://github.com/x64dbg/InterObfu 2078 | - https://github.com/x64dbg/ScyllaHide 2079 | - https://github.com/Nukem9/SwissArmyKnife 2080 | - https://github.com/x64dbg/x64dbg/wiki/Plugins 2081 | 2082 | ## live kernel debug 2083 | 2084 | - https://samsclass.info/126/proj/p12-kernel-debug-win10.htm?tdsourcetag=s_pctim_aiomsg 2085 | - https://gds89.wordpress.com/2010/05/19/windows-7-x64-local-and-live-kernel-debugging/ 2086 | 2087 | ## windbg plugin 2088 | 2089 | - https://github.com/long123king/tokenext 2090 | - https://github.com/long123king/grep (regular expression) 2091 | - https://github.com/fdiskyou/iris 2092 | - https://github.com/pstolarz/dumpext (pe unpack) 2093 | - http://www.andreybazhan.com/debugging.html 2094 | - https://github.com/vallejocc/Reverse-Engineering-Arsenal/ (anti-anti_debugging winDbg scripts) 2095 | - https://github.com/vagnerpilar/windbgtree (nice plugin) 2096 | - https://github.com/hugsy/windbg_js_scripts (js) 2097 | - https://github.com/0vercl0k/windbg-scripts (js) 2098 | - https://github.com/REhints/WinDbg 2099 | - https://github.com/jthuraisamy/DIRT 2100 | - https://github.com/OSRDrivers/penter 2101 | - https://github.com/OSRDrivers/windbg-exts 2102 | - https://github.com/panoramixor/GDIObjDump 2103 | - https://codeday.me/bug/20171003/80216.html 2104 | - http://virtualkd.sysprogs.org/ 
2105 | - https://github.com/VincentSe/WatchTrees 2106 | 2107 | ## virtualkd 2108 | 2109 | - https://github.com/4d61726b/VirtualKD-Redux 2110 | 2111 | ## ida script & plugin 2112 | 2113 | - https://github.com/fireeye/FIDL 2114 | - https://github.com/mefistotelis/ida-pro-loadmap 2115 | - https://github.com/ampotos/dynStruct 2116 | - https://github.com/patois/HRDevHelper 2117 | - https://github.com/0xeb/ida-qscripts (easy developing script) 2118 | - https://github.com/google/binexport 2119 | - https://github.com/nihilus/ida-pro-swf 2120 | - https://github.com/ax330d/hrdev 2121 | - https://github.com/ax330d/ida_pdb_loader 2122 | - https://github.com/ax330d/functions-plus 2123 | - https://github.com/ecx86/classinformer-ida7 2124 | - https://github.com/IOActive/kmdf_re 2125 | - https://github.com/a1ext/labeless 2126 | - https://github.com/kkHAIKE/tinyidb 2127 | - https://github.com/RolfRolles/HexRaysDeob (deobfuscate) 2128 | - https://github.com/icewall/BinDiffFilter 2129 | - https://github.com/devttys0/ida/ 2130 | - https://github.com/dude719/SigMaker-x64 (pat2sig) 2131 | - https://github.com/fireeye/flare-ida (idb2pat) 2132 | - https://zznop.github.io/bnida/ 2133 | - https://github.com/zyantific/IDASkins 2134 | - https://github.com/eugeii/ida-consonance 2135 | - https://github.com/mwrlabs/win_driver_plugin 2136 | - https://github.com/igogo-x86/HexRaysPyTools 2137 | - https://github.com/techbliss/Python_editor 2138 | - https://github.com/tmr232/Sark 2139 | - http://sark.readthedocs.io/en/latest/debugging.html 2140 | - https://bbs.pediy.com/thread-224627.htm (wing debugging idapython script) 2141 | 2142 | ## ida sig maker 2143 | 2144 | - https://blog.csdn.net/lixiangminghate/article/details/81352205 2145 | 2146 | ## idapython 2147 | 2148 | - https://github.com/sophoslabs/WebAssembly 2149 | - https://github.com/howmp/COMFinder 2150 | - https://github.com/maddiestone/IDAPythonEmbeddedToolkit 2151 | - https://github.com/zyantific/IDASkins 2152 | - 
https://github.com/ynvb/DIE 2153 | - https://github.com/nologic/idaref 2154 | - https://github.com/anatolikalysch/VMAttack 2155 | - https://github.com/36hours/idaemu 2156 | - https://github.com/gaasedelen/lighthouse 2157 | - https://github.com/avast-tl/retdec-idaplugin 2158 | - https://github.com/1111joe1111/ida_ea 2159 | - https://github.com/eugeii/ida-consonance 2160 | - https://github.com/IDArlingTeam/IDArling 2161 | - https://github.com/aaronportnoy/toolbag 2162 | - https://github.com/L4ys/LazyIDA 2163 | - https://github.com/push0ebp/sig-database 2164 | - https://github.com/igogo-x86/HexRaysPyTools 2165 | - https://github.com/intezer/docker-ida 2166 | - https://github.com/keystone-engine/keypatch 2167 | - https://github.com/dzzie/IDACompare 2168 | - https://github.com/snare/ida-efiutils 2169 | - https://github.com/zachriggle/ida-splode 2170 | - https://github.com/nccgroup/idahunt 2171 | - https://github.com/iphelix/ida-sploiter 2172 | - https://github.com/ALSchwalm/dwarfexport 2173 | - https://github.com/Maktm/FLIRTDB 2174 | - https://github.com/strazzere/golang_loader_assist 2175 | - https://github.com/Ga-ryo/IDAFuzzy 2176 | - https://github.com/duo-labs/idapython 2177 | - https://github.com/polymorf/findcrypt-yara 2178 | - https://github.com/patois/IDACyber 2179 | - https://github.com/F8LEFT/DecLLVM 2180 | - https://github.com/RobinDavid/idasec 2181 | - https://github.com/tboox/vm86 2182 | - https://github.com/siberas/IDA2Sym 2183 | - https://github.com/sibears/IDAGolangHelper 2184 | - https://github.com/tmr232/IDABuddy 2185 | - https://github.com/zyantific/REtypedef 2186 | - https://github.com/nihilus/IDA_Signsrch 2187 | - https://github.com/ax330d/ida_pdb_loader 2188 | - https://github.com/alexander-hanel/idapython6to7 2189 | - https://github.com/nektra/vtbl-ida-pro-plugin 2190 | - https://github.com/wirepair/IDAPinLogger 2191 | - https://github.com/BinaryAnalysisPlatform/bap-ida-python 2192 | - https://github.com/alexander-pick/patchdiff2_ida6 2193 | - 
https://github.com/ecx86/classinformer-ida7 2194 | - https://github.com/nccgroup/SusanRTTI 2195 | - https://github.com/gaasedelen/prefix 2196 | - https://github.com/andreafioraldi/IDAngr 2197 | - https://github.com/Cr4sh/IDA-VMware-GDB 2198 | - https://github.com/Comsecuris/ida_strcluster 2199 | - https://github.com/airbus-seclab/bincat 2200 | - https://github.com/a1ext/auto_re 2201 | - https://github.com/gynophage/solarized_ida 2202 | - https://github.com/luorui110120/IDAplugins 2203 | - https://github.com/0xItx/ida_nightfall 2204 | - https://github.com/xorpd/idsearch 2205 | - https://github.com/nihilus/IDASimulator 2206 | - https://github.com/dude719/SigMaker-x64 2207 | - https://github.com/fireeye/SimplifyGraph 2208 | - https://github.com/google/binexport 2209 | - https://github.com/deresz/funcap 2210 | - https://github.com/IOActive/kmdf_re 2211 | - http://www.h4ck.org.cn/2011/07/ida-pe6-dll-unpack/ 2212 | - https://www.anquanke.com/post/id/151898 2213 | - https://www.anquanke.com/post/id/85890 2214 | - https://www.cnblogs.com/17bdw/p/7785469.html 2215 | - https://4hou.win/wordpress/?cat=1178 (pin & ida) 2216 | - https://wizardforcel.gitbooks.io/grey-hat-python/ 2217 | - http://spd.dropsec.xyz/2016/10/05/IDAPython%E5%AE%89%E8%A3%85/ 2218 | - http://spd.dropsec.xyz/2017/04/09/%E7%AC%A6%E5%8F%B7%E6%89%A7%E8%A1%8C-%E5%9F%BA%E4%BA%8Epython%E7%9A%84%E4%BA%8C%E8%BF%9B%E5%88%B6%E5%88%86%E6%9E%90%E6%A1%86%E6%9E%B6angr/ 2219 | - http://spd.dropsec.xyz/2016/10/16/IDAPython%E8%84%9A%E6%9C%AC%E4%B9%8B%E6%94%B6%E9%9B%86%E5%87%BD%E6%95%B0%E7%9A%84%E8%B0%83%E7%94%A8%E4%BF%A1%E6%81%AF/ 2220 | - http://www.freebuf.com/sectool/92107.html 2221 | - http://www.freebuf.com/sectool/92168.html 2222 | - http://www.freebuf.com/articles/system/92488.html 2223 | - http://www.freebuf.com/articles/system/92505.html 2224 | - http://www.freebuf.com/articles/system/93440.html 2225 | - https://www.fortinet.com/blog/threat-research/rewriting-idapython-script-objc2-xrefs-helper-py-for-hopper.html 
2226 | - https://sark.readthedocs.io/en/latest/debugging.html 2227 | - https://cartermgj.github.io/2017/10/10/ida-python/ 2228 | - https://security.tencent.com/index.php/blog/msg/4 2229 | - https://wingware.com/doc/howtos/idapython 2230 | - http://www.somersetrecon.com/blog/2018/7/6/introduction-to-idapython-for-vulnerability-hunting 2231 | - http://0xeb.net/2018/02/writing-a-simple-x86-emulator-with-idapython/ 2232 | - http://0xeb.net/2018/02/writing-a-simple-x86-emulator-with-idapython/ 2233 | - https://resources.infosecinstitute.com/saving-time-effort-idapython/#gref 2234 | - https://www.thezdi.com/blog/2018/5/21/mindshare-walking-the-windows-kernel-with-ida-python 2235 | - https://www.thezdi.com/blog/2018/7/19/mindshare-an-introduction-to-pykd 2236 | - https://www.thezdi.com/blog/2018/6/26/mindshare-variant-hunting-with-ida-python 2237 | - http://www.mopsled.com/2016/add-shortcut-for-idapython-script-ida-pro/ 2238 | - http://blog.sina.com.cn/s/blog_9f5e368a0102wnmm.html 2239 | - https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/october/python-class-informer-an-idapython-plugin-for-viewing-run-time-type-information-rtti/ 2240 | - https://www.pydoc.io/pypi/python-idb-0.4.0/autoapi/analysis/index.html 2241 | - https://securityxploded.com/api-call-tracing-with-pefile-pydbg-and-idapython.php 2242 | - https://www.cnblogs.com/0xJDchen/p/7527236.html 2243 | - http://www.williballenthin.com/blog/2015/09/04/idapython-synchronization-decorator/ 2244 | - https://www.fireeye.com/blog/threat-research/2015/01/flare_ida_pro_script.html 2245 | - https://bbs.pediy.com/thread-226983.htm 2246 | - https://www.trustwave.com/Resources/SpiderLabs-Blog/Defeating-Flame-String-Obfuscation-with-IDAPython/ 2247 | - https://www.anquanke.com/post/id/151898 2248 | - https://edoc.site/idapython-bookpdf-pdf-free.html 2249 | - https://serializethoughts.com/tag/idapython/ 2250 | - 
https://exploiting.wordpress.com/2011/12/06/quickpost-idapython-script-to-identify-unrecognized-functions/ 2251 | - http://barbie.uta.edu/~xlren/Diaphora/diaphora_help.pdf 2252 | - https://www.jianshu.com/p/ee789e8acb03 2253 | - http://blog.51cto.com/watertoeast/2084700 2254 | - http://blog.51cto.com/watertoeast/1352787 2255 | - https://blog.clamav.net/2014/02/generating-clamav-signatures-with.html 2256 | - https://www.mnin.org/write/2006_extract_xor.pdf 2257 | - http://www.hexacorn.com/blog/2015/12/21/idapython-making-strings-decompiler-friendly/ 2258 | - http://standa-note.blogspot.com/2015/01/arm-exception-handling-and-idapython.html 2259 | - http://codegist.net/code/idapython-script/ 2260 | - https://reverseengineering.stackexchange.com/questions/16055/idapython-get-xrefs-to-a-stack-variable 2261 | 2262 | ## pykd 2263 | 2264 | - https://github.com/sogeti-esec-lab/LKD 2265 | - https://www.anquanke.com/post/id/86909 2266 | - https://www.anquanke.com/post/id/86896 2267 | - https://www.anquanke.com/post/id/83205 2268 | - https://blog.csdn.net/jimoguilai/article/details/25286029 2269 | - https://blog.csdn.net/jimoguilai/article/details/29827283 2270 | - https://blog.csdn.net/jimoguilai/article/details/38122863 2271 | - https://blog.csdn.net/linux_vae/article/details/77532758 2272 | - https://blog.csdn.net/linux_vae/article/details/77532758 2273 | - https://blog.csdn.net/ambihan/article/details/35775933 2274 | - https://www.zerodayinitiative.com/blog/2018/7/19/mindshare-an-introduction-to-pykd 2275 | - https://www.cnblogs.com/fanzi2009/archive/2012/12/10/2811543.html 2276 | - https://cloud.tencent.com/developer/article/1005628 2277 | - http://eternalsakura13.com/2018/07/03/firefox_env/ 2278 | - https://binvoke.com/inline-assembly-in-x64/ 2279 | - https://webstersprodigy.net/2014/01/06/soft-function-hooking-with-windbg-and-pykd/ 2280 | - https://rayanfam.com/topics/pykd-tutorial-part1/ 2281 | - https://rayanfam.com/topics/pykd-tutorial-part2/ 2282 | - 
https://labs.mwrinfosecurity.com/blog/heap-tracing-with-windbg-and-python/ 2283 | - http://www.miguelventura.pt/scripting-windbg-with-pykd.html 2284 | - https://labs.nettitude.com/blog/windbg-using-pykd-to-dump-private-symbols/ 2285 | - https://webstersprodigy.net/2014/01/06/soft-function-hooking-with-windbg-and-pykd/ 2286 | - https://www.cnblogs.com/fanzi2009/archive/2012/12/10/2811543.html 2287 | - http://www.freebuf.com/articles/system/103816.html 2288 | - https://bbs.pediy.com/thread-224904.htm 2289 | - http://theevilbit.blogspot.com/2017/09/pool-spraying-fun-part-1.html 2290 | - http://theevilbit.blogspot.com/2017/09/windows-kernel-pool-spraying-fun-part-2.html 2291 | - http://theevilbit.blogspot.com/2017/09/windows-kernel-pool-spraying-fun-part-3.html 2292 | - http://theevilbit.blogspot.com/2017/09/windows-kernel-pool-spraying-fun-part-4.html 2293 | 2294 | ## rpc 2295 | 2296 | - https://github.com/gentilkiwi/basic_rpc 2297 | 2298 | ## hash dump 2299 | 2300 | - https://github.com/AlessandroZ/LaZagneForensic 2301 | - https://github.com/AlessandroZ/LaZagne (browser credentials recovery) 2302 | - https://github.com/gentilkiwi/mimikatz 2303 | 2304 | ## auxiliary lib 2305 | 2306 | - https://github.com/David-Reguera-Garcia-Dreg/auxlib 2307 | 2308 | ## ring3 nt api 2309 | 2310 | - https://github.com/adrianyy/x64-syscall 2311 | - https://github.com/icestudent/ontl 2312 | - https://www.vergiliusproject.com/kernels 2313 | - https://github.com/DissectMalware/WinNativeIO 2314 | - https://github.com/zodiacon/WindowsInternals/tree/master/MemLimit/ndk 2315 | - https://github.com/codereversing/wow64syscall 2316 | - https://github.com/processhacker/phnt 2317 | - https://github.com/ntdiff/ntdiff 2318 | - https://ntdiff.github.io 2319 | - https://github.com/ntdiff/headers 2320 | - https://github.com/Chuyu-Team/NativeLib 2321 | 2322 | ## winpcap 2323 | 2324 | - http://libtins.github.io/tutorial/ 2325 | - https://github.com/abapat/DNSPoison 2326 | - 
http://www.ferrisxu.com/WinPcap/html/index.html 2327 | - https://github.com/wqqhit/DNSHijack 2328 | - https://github.com/klemenb/fiddly 2329 | - http://blog.csdn.net/Ni9htMar3/article/details/54612394 2330 | - https://www.cnblogs.com/xcj26/articles/6073411.html 2331 | - http://www.freebuf.com/articles/system/103526.html 2332 | - https://github.com/illahaha/zxarps (arpcheat) 2333 | - https://github.com/sincoder/zxarps (arpcheat) 2334 | 2335 | ## metasploit 2336 | 2337 | - https://github.com/entynetproject/entypreter 2338 | - https://github.com/dr0op/MsfRpcApi 2339 | - https://github.com/phackt/stager.dll 2340 | - https://github.com/ExpLife/metasploit-framework 2341 | - https://github.com/NytroRST/NetRipper 2342 | - https://github.com/breenmachine/RottenPotatoNG 2343 | 2344 | # shellcode generator 2345 | 2346 | - https://github.com/TheWover/donut 2347 | 2348 | ## shellcode encoder 2349 | 2350 | - https://github.com/ecx86/shellcode_encoder 2351 | 2352 | ## shadow 2353 | 2354 | - https://github.com/lcxl/lcxl-shadow 2355 | 2356 | ## network lib 2357 | 2358 | - https://github.com/zhllxt/asio2 2359 | 2360 | ## http 2361 | 2362 | - https://github.com/vlinhd11/WinHttpClass 2363 | - https://github.com/hpsocket/restclient-cpp 2364 | - https://github.com/farawaaay/http2 (http/2) 2365 | - https://github.com/OlehKulykov/libnhr 2366 | - https://github.com/erickutcher/httpdownloader 2367 | 2368 | ## https proxy 2369 | 2370 | - https://github.com/justcoding121/Titanium-Web-Proxy 2371 | - http://anyproxy.io/cn/ 2372 | - https://github.com/killbug2004/HttpsProxy 2373 | - https://github.com/erickutcher/httpproxy 2374 | 2375 | ## sock proxy 2376 | 2377 | - https://github.com/liulilittle/PaperAirplane 2378 | 2379 | ## reverse proxy 2380 | 2381 | - https://github.com/fatedier/frp/ 2382 | 2383 | ## mitm 2384 | 2385 | - https://github.com/zliu-fd/WinDivertProxy 2386 | - https://github.com/sipt/shuttle (GO) 2387 | - https://github.com/conorpp/MiTM-HTTP-Proxy 2388 | - 
https://github.com/moxie0/sslsniff 2389 | - https://github.com/wuchangming/node-mitmproxy 2390 | - https://github.com/hostilefork/flatworm 2391 | - https://github.com/progtramder/webproxy 2392 | - https://github.com/empijei/wapty 2393 | - https://github.com/xxxxnnxxxx/HttpProxy 2394 | - https://github.com/astibal/smithproxy 2395 | - https://github.com/TechnikEmpire/CitadelCore 2396 | - https://github.com/TechnikEmpire/HttpFilteringEngine 2397 | - https://blog.csdn.net/kunyus/article/details/78679717 2398 | - https://github.com/liuyufei/SSLKiller 2399 | - http://blog.csdn.net/Tencent_Bugly/article/details/72626127 2400 | - https://github.com/pfussell/pivotal 2401 | 2402 | ## ssl 2403 | 2404 | - https://github.com/edwig/SSLSocket 2405 | 2406 | ## json 2407 | 2408 | - https://github.com/ez8-co/xpjson 2409 | - https://github.com/marcusbotacin/MyJSON 2410 | 2411 | ## serialization 2412 | 2413 | - https://github.com/ez8-co/es11n 2414 | 2415 | ## awesome 2416 | 2417 | - https://websec.readthedocs.io/zh/latest/ (web sec) 2418 | - https://ctf-wiki.github.io/ctf-wiki/pwn/readme-zh/ 2419 | - https://chybeta.github.io/2017/08/19/Software-Security-Learning/ 2420 | - https://github.com/alphaSeclab/awesome-reverse-engineering 2421 | - https://github.com/enovella/TEE-reversing 2422 | - https://github.com/1c7/chinese-independent-developer 2423 | - https://github.com/theLSA/CS-checklist 2424 | - https://github.com/wcventure/FuzzingPaper 2425 | - https://github.com/wcventure/BugDetectionPaper 2426 | - https://github.com/xrkk/awesome-ida 2427 | - https://github.com/SecWiki/sec-chart 2428 | - https://github.com/skywind3000/awesome-cheatsheets (cheatsheets) 2429 | - https://github.com/toutiaoio/awesome-architecture 2430 | - https://github.com/streetleague/0xbird.github.io 2431 | - https://github.com/BlackINT3/awesome-debugging 2432 | - https://github.com/yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References 2433 | - https://github.com/jobbole/awesome-design-cn 2434 | - 
https://github.com/xuanhun/HackingResource 2435 | - https://github.com/yeyintminthuhtut/Awesome-Windows-Exploitation-Study-References 2436 | - https://github.com/anhkgg/awesome-windbg-extensions 2437 | - https://github.com/wcventure/FuzzingPaper 2438 | - https://github.com/fr0gger/awesome-ida-x64-olly-plugin 2439 | - https://github.com/Ridter/Intranet_Penetration_Tips 2440 | - https://github.com/danielmiessler/SecLists 2441 | - https://github.com/yeyintminthuhtut/Awesome-Red-Teaming 2442 | - https://github.com/REMath/literature_review 2443 | - https://github.com/phith0n/Mind-Map 2444 | - https://github.com/CHYbeta/Software-Security-Learning 2445 | - https://github.com/0x4D31/awesome-threat-detection 2446 | - https://github.com/Escapingbug/awesome-browser-exploit 2447 | - https://github.com/CaledoniaProject/awesome-opensource-security 2448 | - https://github.com/rshipp/awesome-malware-analysis 2449 | - https://github.com/lmy375/awesome-vmp 2450 | - https://github.com/ksluckow/awesome-symbolic-execution 2451 | - https://github.com/szysec/ctftest 2452 | - https://stackoverflow.com/questions/4946685/good-tutorial-for-windbg 2453 | - https://github.com/rmusser01/Infosec_Reference 2454 | - https://github.com/sam-b/windows_kernel_resources 2455 | - https://github.com/EbookFoundation/free-programming-books 2456 | - https://github.com/justjavac/free-programming-books-zh_CN 2457 | - https://github.com/rmusser01/Infosec_Reference/ 2458 | - https://github.com/jshaw87/Cheatsheets 2459 | - https://github.com/RPISEC/MBE 2460 | 2461 | ## windows Driver Kit ddi (device driver interface) documentation 2462 | 2463 | - https://docs.microsoft.com/zh-cn/windows-hardware/drivers/install/ 2464 | - https://docs.microsoft.com/zh-cn/windows-hardware/drivers/kernel/ 2465 | - https://docs.microsoft.com/zh-cn/windows-hardware/drivers/network/ 2466 | - https://docs.microsoft.com/zh-cn/windows-hardware/drivers/ddi/ 2467 | - https://docs.microsoft.com/zh-cn/windows-hardware/drivers/driversecurity 
2468 | - https://docs.microsoft.com/zh-cn/windows-hardware/drivers/wdf/ 2469 | - https://docs.microsoft.com/zh-cn/windows-hardware/drivers/samples/ 2470 | - https://docs.microsoft.com/zh-cn/windows-hardware/drivers/debugger/ 2471 | - https://docs.microsoft.com/zh-cn/previous-versions/windows/embedded/gg157655(v=winembedded.80) 2472 | - https://docs.microsoft.com/zh-cn/windows-hardware/drivers/debugger/time-travel-debugging-overview 2473 | - https://docs.microsoft.com/zh-cn/previous-versions/visualstudio/visual-studio-2010/aa983363(v=vs.100) (vmx) 2474 | 2475 | ## windbg preview & jsprovider 2476 | 2477 | - https://github.com/benoitsevens/applying-ttd-to-malware-analysis 2478 | - https://github.com/Microsoft/WinDbg-Samples 2479 | - https://bbs.pediy.com/thread-246449.htm 2480 | - http://doar-e.github.io/blog/2017/12/01/debugger-data-model/ 2481 | 2482 | ## anti-anti-vm 2483 | 2484 | - https://github.com/hzqst/VmwareHardenedLoader 2485 | 2486 | ## vm 2487 | 2488 | - https://github.com/etsubu/NanoVM (x64) 2489 | - https://github.com/tboox/vm86 2490 | 2491 | ## spy++ 2492 | 2493 | - https://github.com/strobejb/winspy 2494 | 2495 | ## pe tool 2496 | 2497 | - https://github.com/Darkabode/amte 2498 | - https://www.pelock.com/products/string-encrypt 2499 | - https://www.pelock.com/products/obfuscator 2500 | - https://github.com/hasherezade/funky_malware_formats 2501 | - https://github.com/hasherezade/hollows_hunter (scan hook) 2502 | - https://github.com/hasherezade/pe-sieve 2503 | - https://github.com/hasherezade/bearparser 2504 | - https://github.com/hasherezade/libpeconv 2505 | - https://github.com/hasherezade/malware_analysis 2506 | - https://github.com/hasherezade/libpeconv_project_template 2507 | - https://github.com/hasherezade/libpeconv_wrappers 2508 | - https://github.com/hasherezade/process_doppelganging 2509 | - https://github.com/hasherezade/bee_parser 2510 | - https://github.com/hasherezade/pe_to_shellcode 2511 | - https://github.com/hasherezade/mal_unpack 
2512 | - https://github.com/hasherezade/process_chameleon (modify exe path) 2513 | - https://github.com/hasherezade/loaderine 2514 | - https://github.com/hasherezade/chimera_loader 2515 | - https://github.com/YajS/NikPEViewer 2516 | 2517 | ## tools 2518 | 2519 | - https://github.com/codilime/veles 2520 | - https://github.com/glmcdona/strings2 2521 | - http://bytepointer.com/tools/index.htm#peupdate 2522 | - https://github.com/endgameinc/xori (Dissasemblers blackhat 2018) 2523 | - http://www.softpedia.com/get/Programming/Debuggers-Decompilers-Dissasemblers/ 2524 | 2525 | ## post-exploitation 2526 | 2527 | - https://github.com/0x09AL/DNS-Persist (DNS C&C) 2528 | - https://github.com/francisck/DanderSpritz_lab 2529 | - https://github.com/francisck/DanderSpritz_docs 2530 | 2531 | ## nsa security tools 2532 | 2533 | - https://github.com/exploitx3/FUZZBUNCH 2534 | - https://github.com/fuzzbunch/fuzzbunch 2535 | - https://github.com/peterpt/fuzzbunch 2536 | 2537 | ## apt 2538 | 2539 | - https://github.com/RedDrip7/APT_Digital_Weapon 2540 | - https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections 2541 | - https://github.com/kbandla/APTnotes 2542 | - https://attack.mitre.org/wiki/Groups 2543 | - https://github.com/fdiskyou/threat-INTel 2544 | 2545 | ## 3rd party library 2546 | 2547 | - https://github.com/ez8-co/ezpp 2548 | - https://github.com/ez8-co/emock 2549 | - https://github.com/ez8-co/atomic 2550 | - https://github.com/ez8-co/linked_hash 2551 | - https://github.com/asmjit/asmjit (jit) 2552 | - https://github.com/acl-dev/acl 2553 | - https://github.com/kingsamchen/WinAntHttp 2554 | - https://github.com/kingsamchen/KAdBlockEngine 2555 | - https://github.com/kingsamchen/KLog 2556 | - https://github.com/kingsamchen/Eureka 2557 | - https://zh-cn.libreoffice.org/ 2558 | - https://github.com/GiovanniDicanio/WinReg 2559 | - https://github.com/GiovanniDicanio/StopwatchWin32 2560 | - https://github.com/Wintellect/ProcMonDebugOutput 2561 | - 
https://github.com/GiovanniDicanio/ReadStringsFromRegistry 2562 | - https://github.com/GiovanniDicanio/Utf8ConvAtlStl 2563 | - https://github.com/GiovanniDicanio/StringPool 2564 | - https://github.com/GiovanniDicanio/MapWithCaseInsensitiveStringKey 2565 | - https://github.com/GiovanniDicanio/SafeArraySamples 2566 | - https://github.com/GiovanniDicanio/TestSSO 2567 | - https://github.com/GiovanniDicanio/DoubleNulTerminatedString 2568 | - https://github.com/GiovanniDicanio/LoadingCedictBenchmarkCpp 2569 | - https://github.com/GiovanniDicanio/TestStringSorting 2570 | - https://github.com/GiovanniDicanio/UnicodeConversions 2571 | - https://github.com/GiovanniDicanio/TestStringsAtlVsStl 2572 | - https://github.com/GiovanniDicanio/UnicodeConversionAtl 2573 | - https://github.com/GiovanniDicanio/StlVectorVsListPerformance 2574 | 2575 | ## rpc 2576 | 2577 | - https://github.com/houjingyi233/ALPC-fuzz-study 2578 | - https://github.com/muxq/hellorpc 2579 | 2580 | ## adblock 2581 | 2582 | - https://github.com/adblockplus/adblockplusie 2583 | - https://github.com/adblockplus/adblockpluscore 2584 | - https://github.com/adblockplus/libadblockplus 2585 | 2586 | ## bypass uac 2587 | 2588 | - https://github.com/sailay1996/UAC_Bypass_In_The_Wild 2589 | - https://github.com/hfiref0x/UACME 2590 | 2591 | ## miscellaneous 2592 | 2593 | - https://github.com/rabbitstack/fibratus (https://github.com/rabbitstack/fibratus) 2594 | - https://github.com/theopolis/uefi-firmware-parser 2595 | - https://github.com/z175/kdmapper 2596 | - https://github.com/heckerli/netshield 2597 | - https://github.com/TalAloni/SMBLibrary 2598 | - https://www.unknowncheats.me/forum/c-and-c-/179852-ring0-random-string-generator-kernel-driver.html 2599 | - https://github.com/gztss/SerialTool (serial debug tool) 2600 | - https://github.com/platomav/CPUMicrocodes 2601 | - https://github.com/DavexPro/PocHunter 2602 | - https://github.com/Microsoft/Windows-universal-samples 2603 | - https://github.com/ionescu007/wnfun 
- https://github.com/waryas/UMPMLib
- https://github.com/MeeSong/Windows_OS_Internals_Curriculum_Resource_Kit-ACADEMIC
- https://github.com/piaoyunsoft/WebRedemption
- https://github.com/sudoconf/http_encode
- https://github.com/wjcsharp/wintools
- https://github.com/nmgwddj/HttpSourceViewer
- https://github.com/nmgwddj/nvapi-example (Digital Vibrance Controls)
- https://github.com/n1nj4sec/memorpy
- https://github.com/TinyCC/tinycc
- https://github.com/msuhanov/regf (registry hive formats)
- https://github.com/beader/tianchi-3rd_security
- https://github.com/Schnocker/HLeaker
- http://www.geoffchappell.com/studies/windows/km/index.htm (reverse engineering)
- https://github.com/AntiRootkit/HandleSpy
- https://github.com/securifera/HeapMonitor
- https://github.com/securifera/serviceFu
- https://github.com/mq1n/WSWatcher
- https://github.com/imagemlt/EasyKnife (CKnife)
- https://github.com/didi/kemon (macOS Kernel Monitoring Callback Framework)
- https://github.com/Microsoft/microsoft-pdb (PDB format)
- https://github.com/Darm64/XNU
- https://github.com/netromdk/bmod
- https://github.com/rgl/windows-domain-controller-vagrant
- https://github.com/panda-re/panda
- https://github.com/DarkSpiritz/DarkSpiritz
- https://rayanfam.com/topics/inline-assembly-in-x64/ (x64 inline asm)
- https://www.jianshu.com/p/15be72d919ff (enumerating desktop icons)
- https://github.com/nshalabi/SysmonTools
- https://github.com/nshalabi/ATTACK-Tools
- https://github.com/ExpLife0011/hf-2012
- https://github.com/tyranid/windows-attacksurface-workshop/ (2018)
- https://github.com/CherryPill/system_info
- https://github.com/muxq/DPAPI
- https://github.com/ExpLife/directntapi
- https://github.com/gaozan198912/myproject
- https://github.com/k0keoyo/ntoskrnl-symbol-pdb-and-undocument-structures
- https://github.com/gentilkiwi/p11proxy
- https://github.com/gentilkiwi/kekeo
- https://github.com/ExpLife/ByPassCfg
- https://github.com/hfiref0x/SXSEXP
- https://github.com/hfiref0x/VBoxHardenedLoader
- https://github.com/hfiref0x/SyscallTables
- https://github.com/hfiref0x/WinObjEx64
- https://github.com/Cr4sh/DbgCb
- https://github.com/Cr4sh/s6_pcie_microblaze
- https://github.com/ionescu007/SpecuCheck
- https://github.com/ionescu007/lxss
- https://github.com/intel/haxm
- https://github.com/akayn/Resources
- https://github.com/DarthTon/SecureEraseWin
- https://github.com/tinysec/windows-syscall-table
- https://github.com/tinysec/jsrt
- https://github.com/zodiacon/DriverMon
- https://github.com/zodiacon/GflagsX
- https://github.com/zodiacon/PEExplorer
- https://github.com/zodiacon/KernelExplorer
- https://github.com/zodiacon/AllTools
- https://github.com/zodiacon/WindowsInternals
- https://github.com/hackedteam/vector-silent
- https://github.com/hackedteam/core-packer
- https://github.com/hackedteam/vector-recover
- https://github.com/k33nteam/cc-shellcoding
- https://github.com/rwfpl/rewolf-wow64ext
- https://github.com/rwfpl/rewolf-x86-virtualizer
- https://github.com/rwfpl/rewolf-gogogadget
- https://github.com/rwfpl/rewolf-dllpackager
- https://github.com/Microsoft/ChakraCore
- https://github.com/google/symboliclink-testing-tools
- https://github.com/ptresearch/IntelME-JTAG
- https://github.com/smourier/TraceSpy
- https://github.com/G-E-N-E-S-I-S/tasklist-brutus
- https://github.com/G-E-N-E-S-I-S/token_manipulation
- https://github.com/jjzhang166/sdk
- https://github.com/killswitch-GUI/HotLoad-Driver
- https://github.com/killswitch-GUI/minidump-lib
- https://github.com/killswitch-GUI/win32-named-pipes-example
- https://github.com/Kelvinhack/ScreenCapAttack
- https://github.com/tyranid/oleviewdotnet
- https://github.com/tyranid/CANAPE.Core
- https://github.com/tyranid/DotNetToJScript

## slides

- http://security.cs.rpi.edu/courses/binexp-spring2015
- https://rmusser.net/docs/
- https://keenlab.tencent.com/zh

## blogs

- https://redogwu.github.io (kernel exploitation)
- https://docs.microsoft.com/zh-cn/windows-hardware/drivers/debugger/debug-universal-drivers--kernel-mode-#kernelmodedebuggingcommandsandtechniques (WinDbg help)
- http://www.dbgtech.net (WinDbg help)
- https://blog.csdn.net/hgy413/article/details/7054870 (WinDbg usage)
- https://guidedhacking.com (game hacking)
- http://kdext.com/links.html
- http://www.reconstructer.org/papers/Hunting%20rootkits%20with%20Windbg.pdf
- https://www.slideshare.net/MSbluehat/bluehat-v18-memory-resident-implants-code-injection-is-alive-and-well
- https://www.sekoia.fr/blog
- https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/single-binary-opt-in-pool-nx-optin (VS WDK config)
- https://blog.csdn.net/qq_18218335/article/details/77480475 (VS WDK config)
- https://docs.microsoft.com/zh-cn/previous-versions//jj572863(v=vs.85) (VS WDK config)
- https://blog.csdn.net/lpwstr/article/details/81190171 (VS WDK config)
- http://www.yiiyee.cn/Blog/win8-driver/
- https://blog.csdn.net/liwen930723
- https://ktkitty.github.io/ (vulnerabilities)
- https://secrary.com/RandomPosts
- http://www.mycode.net.cn/
- http://split-code.com
- http://eternalsakura13.com
- https://xiaodaozhi.com/
- https://blog.vicayang.cc/
- https://www.fwhibbit.es/sysmon-the-big-brother-of-windows-and-the-super-sysmonview
- https://dedbg.com/
- https://leguanyuan.blogspot.com
- http://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ex/profile/bugdemo.htm
- https://blog.can.ac
- https://b33t1e.github.io/2018/01/03/About-VMProtect/
- http://www.diting0x.com/
- http://lotabout.me/archives/ (writing a C interpreter)
- http://2997ms.com/2016/10/09/2016/2016-9%E6%9C%88-%E5%90%AD%E5%93%A7%E5%92%94%E5%93%A7/
- http://www.trueai.cn/
- https://whereisk0shl.top
- https://www.anquanke.com/post/id/97245
- https://lifeinhex.com
- https://vallejo.cc/2017/11/18/installation-and-first-contact-with-the-new-windbg/
- http://www.vxjump.net/
- https://channel9.msdn.com/Shows/Defrag-Tools
- http://windbg.info/
- http://windbg.org/
- https://msdn.microsoft.com/en-us/library/windows/hardware/ff553217(v=vs.85).aspx
- http://www.andreybazhan.com/
- https://blogs.technet.microsoft.com/markrussinovich/
- http://undocumented.ntinternals.net/
- http://j00ru.vexillium.org/
- https://sysprogs.com/
- http://www.rohitab.com/
- https://sww-it.ru/
- http://blogs.microsoft.co.il/pavely/
- https://www.corelan.be/
- http://tombkeeper.blog.techweb.com.cn/
- http://www.zer0mem.sk/
- http://blog.rewolf.pl/blog/
- http://www.alex-ionescu.com/
- http://blog.cr4.sh/
- https://rootkits.xyz/
- https://ixyzero.com/blog/archives/3543.html
- http://www.triplefault.io/2017/09/enumerating-process-thread-and-image.html
- http://doar-e.github.io/blog/2017/12/01/debugger-data-model/
- https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugging-using-windbg-preview
- https://blog.xpnsec.com/
- https://www.fireeye.com/blog/threat-research/2018/01/simplifying-graphs-in-ida.html
- http://gosecure.net/2018/01/10/vmware-horizon-v4h-v4pa-desktop-agent-privilege-escalation-vulnerability-cve-2017-4946/
- http://www.msreverseengineering.com/blog/2018/1/23/a-walk-through-tutorial-with-code-on-statically-unpacking-the-finspy-vm-part-one-x86-deobfuscation

## sec tools

- https://securityxploded.com

## waf

- https://github.com/SpiderLabs/ModSecurity

## web security research sites

- https://pagedout.institute/
- https://github.com/frizb/Bypassing-Web-Application-Firewalls (WAF bypass)
- http://malware-traffic-analysis.net
- https://malwaretips.com/
- https://www.sec-wiki.com
- https://www.anquanke.com/
- http://xuanwulab.github.io/cn/secnews/2018/02/08/index.html
- http://www.vxjump.net/
- https://www.pediy.com/
- https://navisec.it/
- http://www.secbang.com/

## development documents

- http://devdocs.io/
- https://zealdocs.org/

## browser automated testing

- https://github.com/florentbr/SeleniumBasic

## docker

- http://dockone.io/search/q-RG9ja09uZeaKgOacr+WIhuS6qw==#articles

## leaked source code

- https://github.com/cocus/openmsvbvm
- https://github.com/misterch0c/shadowbroker (NSA)
- https://github.com/pustladi/Windows-2000
- https://github.com/killbug2004/NT_4.0_SourceCode
- https://github.com/pustladi/TrueCrypt-7.2
- https://github.com/pustladi/MS-DOS-v.1.1
- https://github.com/pustladi/MS-DOS-v.2.0

## sspi

- https://github.com/deemru/msspi
- https://github.com/vletoux/DetectPasswordViaNTLMInFlow
- https://github.com/judek/sspiauthenticate
- https://github.com/BobCatC/xSspi
- https://github.com/sishtiaq/SampleSSPICode
- https://github.com/liamkirton/sslpyfilter
- https://github.com/bschlenk/gsspp

## openssl

- https://github.com/square/certstrap (Go)
- https://github.com/hioa-cs/IncludeOS/blob/fd92a5394b493b5b645b2123966d38c1576df250/src/net/https/openssl_server.cpp#L72
- https://github.com/robertblackwell/marvincpp
- https://github.com/equalitie/ouinet
- https://github.com/LiTianjue/mite-note
- https://blog.csdn.net/dotalee/article/details/78041691
- https://www.cnblogs.com/kennyhr/p/3746048.html

## pdb

- https://github.com/wbenny/pdbex

## gpu

- https://github.com/Volkanite/Push

## crypto api

- https://github.com/tplgy/cppcodec (C++11 base64)
- https://github.com/maldevel/AES256
- https://github.com/wbenny/mini-tor
- https://github.com/wyrover/CryptoAPI-examples
- https://github.com/fmuecke/CryptoApi
- https://github.com/ViartX/CacheCrypto
- https://github.com/Deerenaros/CryptoAPIWrapper
- https://github.com/maldevel/SHA256
- https://github.com/13g10n/crypto

## ipc

- https://github.com/fangqing/PipeLink
- https://github.com/e3ntity/windows_named_pipe_ipc

## iot sec

- https://iot.sec-wiki.com/

## ascii banner

- http://www.network-science.de/ascii/
- http://www.degraeve.com/img2txt.php

## book code

- https://github.com/yifengyou/32to64
- https://github.com/elephantos/elephant
- https://github.com/yifengyou/Android-software-security-and-reverse-analysis
- https://github.com/yifengyou/Code-virtualization-and-automation-analysis
- https://github.com/yifengyou/Software-protection-and-analysis-techniques---principles-and-practices
- https://github.com/yifengyou/X86-assembly-language-from-real-mode-to-protection-mode

## regex

- https://github.com/zeeshanu/learn-regex

## paper

- https://github.com/wcventure/PC-Malware-Sklearner
- https://www.virusbulletin.com/uploads/pdf/conference_slides/2018/Svajcer-VB2018-KernelModeAnalysis.pdf (WinDbg usage)
- https://hitcon.org/2018/CMT/slide-files/d1_s5_r0.pdf?v=2 (game cheats)
- https://github.com/tyranid/WindowsRuntimeSecurityDemos
- https://translation-zh-cn.readthedocs.io/zh_CN/
- https://speakerdeck.com

## ebook

- https://github.com/Bypass007/Emergency-Response-Notes
- https://github.com/yifengyou/The-design-and-implementation-of-a-64-bit-operating-system
- https://github.com/firmianay/CTF-All-In-One
- https://github.com/cfenollosa/os-tutorial
- https://github.com/Snowming04/The-Hacker-Playbook-3-Translation
- https://github.com/xuanhun/PythonHackingBook1
- https://github.com/xapax/security
- https://github.com/chryzsh/DarthSidious (Active Directory domain hacking)
- https://github.com/chryzsh/practical-hacking
- http://www.foxebook.net/

## ctf

- https://github.com/boogy/ctfbox
- https://github.com/Ignitetechnologies/Privilege-Escalation
- https://github.com/ktecv2000/How-to-play-CTF

## pentest

- https://github.com/hongriSec/Web-Security-Attack
- https://github.com/jiansiting/Kali-Windows
- https://github.com/uknowsec/Active-Directory-Pentest-Notes
- https://micro8.gitbook.io/micro8/
- https://github.com/aleenzz/Cobalt_Strike_wiki
- https://github.com/l3m0n/pentest_study
- https://github.com/l3m0n/pentest_tools
- https://github.com/l3m0n/linux_information

## wpad/pac

- https://github.com/marx-yu/ProxyParser
- http://www.devnotes.in/2014/11/08/auto-proxy-settings-with-PAC.html
- http://www.lybbn.cn/data/datas.php?yw=76
- https://blog.huzhifeng.com/2017/07/16/PAC/
- https://github.com/manugarg/pacparser

## javascript

- https://github.com/qianguyihao/Web
- https://github.com/Daotin/front-end-self-study-notes

## js obfuscator/deobfuscator

- https://beautifier.io/
- https://tool.lu/js/
- https://www.52pojie.cn/thread-128803-1-1.html
- http://www.kahusecurity.com/2011/javascript-deobfuscation-tools-part-1/
- http://www.kahusecurity.com/2011/javascript-deobfucation-tools-part-2/
- http://deobfuscatejavascript.com/
- http://js.pnote.net/#/js

## decompiler

- https://github.com/herumi/xbyak
- https://github.com/wargio/r2dec-js (asm to C)

## encryption/decryption tools

- https://www.devglan.com

## english

- https://github.com/yujiangshui/An-English-Guide-for-Programmers

## downloader

- https://github.com/alanzhangzm/Photon

## python

- https://github.com/wistbean/learn_python3_spider
- https://github.com/Kr1s77/awesome-python-login-model
- https://github.com/Kr1s77/Python-crawler-tutorial-starts-from-zero
- https://github.com/jackfrued/Python-100-Days

## puppeteer

- https://github.com/GoogleChrome/puppeteer/blob/v1.20.0/docs/api.md
- https://zhaoqize.github.io/puppeteer-api-zh_CN
- https://github.com/csbun/thal
- https://www.yuque.com/imhelloworld/share-day/no8xoc
- https://blog.csdn.net/qupan1993/article/details/85371556
- https://www.php.cn/js-tutorial-399252.html

## java

- http://www.52im.net/thread-28-1-1.html (BeautyEye GUI)
- https://github.com/JackJiang2011/beautyeye (BeautyEye GUI)
- https://blog.csdn.net/pinlantu/article/details/83957672

## android

- https://blog.csdn.net/aqi00/article/details/50012511

## android reverse engineering

- https://github.com/r0ysue/AndroidSecurityStudy
- https://github.com/JesusFreke/smali
- https://bitbucket.org/JesusFreke/smali
- https://github.com/pxb1988/dex2jar
- https://github.com/java-decompiler/jd-gui
- https://github.com/skylot/jadx
- https://github.com/Konloch/bytecode-viewer
- https://github.com/MobSF/Mobile-Security-Framework-MobSF

## library

- https://github.com/myfreeer/cppreference2mshelp/
- https://www.ctolib.com/

# `awesome-windows-kernel-security-development`