Pinned Repositories
-0day-
Notes related to the book 《解密家用路由器0day漏洞挖掘技术》
-Ah-ANGRYORCHARD
A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.
-Ah-blacklotus
An attempt at replicating BLACKLOTUS capabilities, whilst not acting as a direct mimic.
-Ah-bootdoor
Former UEFI Firmware Rootkit Replicating MoonBounce / ESPECTRE
-Ah-bootlicker
A generic UEFI bootkit used to achieve initial usermode execution. It works with modifications.
-Ah-titanldr-ng
A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge years ago.
-Ah-TransitionalPeriod
Former Multi-Ring to Kernel to UserMode Transitional Shellcode for Remote Kernel Exploits
-CSMOD-AM0N-Eye
-EventLogEraser-_windows_event_log_study
_A_H_ghost
A sample client/server architecture
827Dream's Repositories
827Dream/-0day-
Notes related to the book 《解密家用路由器0day漏洞挖掘技术》
827Dream/-Ah-bootdoor
Former UEFI Firmware Rootkit Replicating MoonBounce / ESPECTRE
827Dream/amber
Reflective PE packer.
827Dream/bootkit
UEFI bootkit: Hardware Implant. In-Progress
827Dream/CheekyBlinder
Enumerating and removing kernel callbacks using signed vulnerable drivers
827Dream/CobaltStrike
CobaltStrike's source code
827Dream/conti_locker
Conti Locker source code
827Dream/CVE-2021-21551
827Dream/DarkLoadLibrary
LoadLibrary for offensive operations
827Dream/EDRSandblast
827Dream/EtwTi-Syscall-Hook
A simple program to hook the current process to identify the manual syscall executions on windows
827Dream/hm-pe-packer
An x64 PE Packer/Protector developed in C++ and Visual Studio
827Dream/injection
Windows process injection methods
827Dream/KingHamlet
Process Ghosting Tool
827Dream/mortar
evasion technique to defeat and divert detection and prevention of security products (AV/EDR/XDR)
827Dream/physmem_drivers
A collection of various vulnerable (mostly physical memory exposing) drivers.
827Dream/Richkware
Framework for building Windows malware, written in C++
827Dream/rootkit-arsenal-guacamole
An attempt to restore and adapt to modern Win10 version the 'Rootkit Arsenal' original code samples
827Dream/ScareCrow
ScareCrow - Payload creation framework designed around EDR bypass.
827Dream/SleepyCrypt
A shellcode function to encrypt a running process image when sleeping.
827Dream/SomethingIntresting
827Dream/TitanLdr
Public variation of Titan Loader
827Dream/transacted_hollowing
Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
827Dream/UnSHc
UnSHc - How to decrypt SHc *.sh.x encrypted files?
827Dream/usbgadget-tool
Dumb USB HID gadget creator for Android (for triggering device driver install on Windows for LPE)
827Dream/VeraCrypt
Disk encryption with strong security based on TrueCrypt
827Dream/Virus-analysis
Virus sample analysis
827Dream/vortex
VPN Overall Reconnaissance, Testing, Enumeration and eXploitation Toolkit
827Dream/VXUG-Papers
Research code & papers from members of vx-underground.
827Dream/WindowsInternals
Windows Internals Book 7th edition Tools