Pinned Repositories
AhMyth-Android-RAT
Android Remote Administration Tool
al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
ARPUninstallStringLauncherBypassUac
Use ARP UninstallString Launcher to bypass UAC
Articles
Technology sharing in company
awesome-windows-kernel-security-development
haxm
Intel® Hardware Accelerated Execution Manager (Intel® HAXM)
hidden
Windows driver with a usermode interface which can hide file-system and registry objects, protect processes, etc.
HyperPlatform
Intel VT-x based hypervisor aiming to provide a thin VM-exit filtering platform on Windows.
Shellcode_Template_in_C
xAnalyzer
xAnalyzer plugin for x64dbg
0xC05StackOverflow's Repositories
0xC05StackOverflow/Syscall-Monitor
Syscall Monitor is a system monitor program (like Sysinternals' Process Monitor) using Intel VT-x/EPT for Windows 7+
0xC05StackOverflow/kHypervisor
Nested-VMM
0xC05StackOverflow/xAnalyzer
xAnalyzer plugin for x64dbg
0xC05StackOverflow/Exploits
Windows Exploits
0xC05StackOverflow/driver_unpacking
Source code for the "Kernel driver unpacking with x64dbg" blog post.
0xC05StackOverflow/hidden
Windows driver with a usermode interface which can hide file-system and registry objects, protect processes, etc.
0xC05StackOverflow/Veil-Evasion
Veil Evasion is no longer supported, use Veil 3.0!
0xC05StackOverflow/EQGRP
Decrypted content of eqgrp-auction-file.tar.xz
0xC05StackOverflow/Tools
BlackTools
0xC05StackOverflow/UACME
Defeating Windows User Account Control
0xC05StackOverflow/WFPFirewall
Personal firewall system based on WFP (Windows Filter Platform)
0xC05StackOverflow/MemoryModule
Library to load a DLL from memory.
0xC05StackOverflow/ARPUninstallStringLauncherBypassUac
Use ARP UninstallString Launcher to bypass UAC
0xC05StackOverflow/cobra
Windows version of Linux Desktop Testing Project
0xC05StackOverflow/ProcessHider
Post-exploitation tool for hiding processes from monitoring applications
0xC05StackOverflow/sems
Virtualbox, VirtualMachine, Cuckoo, Anubis, ThreatExpert, Sandboxie, QEMU, Analysis Tools Detection Tools
0xC05StackOverflow/Injectora
x86/x64 manual mapping injector using the JUCE library
0xC05StackOverflow/Win64-Rovnix-VBR-Bootkit
Win64/Rovnix - Volume Boot Record Bootkit
0xC05StackOverflow/patchdiff2
IDA binary differ. Since code.google.com/p/patchdiff2/ seemed abandoned, I did the obvious thing…
0xC05StackOverflow/Rovnix
Rovnix Bootkit
0xC05StackOverflow/Carberp-1
Carberp Banking Trojan
0xC05StackOverflow/Shellcode_Template_in_C
0xC05StackOverflow/Carberp