Pinned Repositories
100-Days-of-ML-Code-Chinese-Version
Chinese Translation for Machine Learning Infographics
ACL-nuller
Assembly to NULL ACL on Windows 8.1 x64
ACL_Edit
Assembly code to use for Windows kernel shellcode to edit winlogon.exe ACL
across
Across the Great Wall we can reach every corner in the world
Advanced-Process-Injection-Workshop
al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
AllTools
All reasonably stable tools
ALPC-Example
An example of a client and server using Windows' ALPC functions to send and receive data.
AlternativeShellcodeExec
Alternative Shellcode Execution Via Callbacks
CVE-2019-0623-32-exp
win32k
Anti-ghosts's Repositories
Anti-ghosts/APT_Step_Bear_Inject
Reproduction of "EDR's Nightmare: Storm-0978 Uses a New Kernel Injection Technique, 'Step Bear'"
Anti-ghosts/Banshee
Experimental Windows x64 Kernel Rootkit.
Anti-ghosts/BHUSA-2023
Anti-ghosts/blog
:bookmark: Personal blog repository, used to record some naive ideas and brain-dead moments. Stars and watches are welcome. This repository is a personal blog, so please do not open issues. The backend is based on @yihong0618's gitblog project and the frontend on @LoeiFy's Mirror project; thanks!
Anti-ghosts/CrackMapExec
A swiss army knife for pentesting networks
Anti-ghosts/cv
Anti-ghosts/CVE-2022-4262
Anti-ghosts/CVE-2024-21338
Windows AppLocker Driver (appid.sys) LPE
Anti-ghosts/CVE-2024-21626
PoC and Detection for CVE-2024-21626
Anti-ghosts/CVE-2024-38063
poc for CVE-2024-38063 (RCE in tcpip.sys)
Anti-ghosts/CVE-2024-38077
RCE caused by a heap overflow in RDL
Anti-ghosts/CVE-2024-38077-POC
The original has been deleted by its author; kept as a backup, not original work. EXP & POC
Anti-ghosts/CVE-2024-4577-PHP-RCE
[Vulnerability reproduction] The world's first CVE-2024-4577 PHP-CGI RCE exploit utilizing the default PHP environment. Sharing original exploit, supports SSRF, supports WAF bypass.
Anti-ghosts/CVE_2024_30078_POC_WIFI
basic concept for the latest windows wifi driver CVE
Anti-ghosts/DarkWidow
Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing
Anti-ghosts/EagleVM
Native code virtualizer for x64 binaries
Anti-ghosts/EDR-XDR-AV-Killer
Reproducing Spyboy technique, which involves terminating all EDR/XDR/AVs processes by abusing the zam64.sys driver
Anti-ghosts/EDRSilencer
A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
Anti-ghosts/hrtng
IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations
Anti-ghosts/kestrel-huntbook
This repository hosts community contributed Kestrel huntflows (.hf) and huntbooks (.ipynb)
Anti-ghosts/maldev
⚠️ malware development
Anti-ghosts/MSRC-Security-Research
Security Research from the Microsoft Security Response Center (MSRC)
Anti-ghosts/openedr
Open EDR public repository
Anti-ghosts/PPT
Slides (PPT) for the talks I have given publicly
Anti-ghosts/RmTools
Blue team incident response tools
Anti-ghosts/src
Vulnerability reports (sanitized)
Anti-ghosts/SystemExplorer
Windows System Explorer
Anti-ghosts/WinArk
Windows Anti-Rootkit Tool
Anti-ghosts/WindowsDowndate
A tool that takes over Windows Updates to craft custom downgrades and expose past fixed vulnerabilities
Anti-ghosts/WinPmem
The multi-platform memory acquisition tool.