Pinned Repositories
100-Days-of-ML-Code-Chinese-Version
Chinese Translation for Machine Learning Infographics
ACL-nuller
Assembly to NULL ACL on Windows 8.1 x64
ACL_Edit
Assembly code to use for Windows kernel shellcode to edit winlogon.exe ACL
across
Across the Great Wall we can reach every corner in the world
Advanced-Process-Injection-Workshop
al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
AllTools
All reasonably stable tools
ALPC-Example
An example of a client and server using Windows' ALPC functions to send and receive data.
AlternativeShellcodeExec
Alternative Shellcode Execution Via Callbacks
CVE-2019-0623-32-exp
win32k
Anti-ghosts's Repositories
Anti-ghosts/ACL_Edit
Assembly code to use for Windows kernel shellcode to edit winlogon.exe ACL
Anti-ghosts/anti-debug
Anti-ghosts/awesome-vmp
Materials related to analysing virtualization-based protection (VMProtect packers)
Anti-ghosts/bypass-uac
Anti-ghosts/Carberp
Anti-ghosts/CVE-2015-0057
Translated article: exploiting CVE-2015-0057 on 32-bit and 64-bit systems. Exploiting the win32k!xxxEnableWndSBArrows use-after-free (CVE 2015-0057) bug on both 32-bit and 64-bit (Aaron Adams of NCC)
Anti-ghosts/CVE-2018-8120
CVE-2018-8120 Exploit for Win2003 Win2008 WinXP Win7
Anti-ghosts/DataOnlyShellcode
Anti-ghosts/DisableWin10PatchguardPoc
pseudo-code to show how to disable patchguard with win10
Anti-ghosts/DNS-Persist
DNS-Persist is a post-exploitation agent which uses DNS for command and control.
Anti-ghosts/EQGRP_Lost_in_Translation
Decrypted content of odd.tar.xz.gpg, swift.tar.xz.gpg and windows.tar.xz.gpg
Anti-ghosts/gdi-palettes-exp
DC25 5A1F - Demystifying Windows Kernel Exploitation by Abusing GDI Objects
Anti-ghosts/HideDriver
Using DKOM to hide kernel mode drivers
Anti-ghosts/Inject-dll-by-Process-Doppelganging
Process Doppelgänging
Anti-ghosts/injectAllTheThings
Seven different DLL injection techniques in one single project.
Anti-ghosts/Kernel-Force-Delete
Force-delete a running .exe application file, or delete any locked file
Anti-ghosts/KernelReadWriteMemory
Simple code to manipulate the memory of a usermode process from kernel.
Anti-ghosts/Privilege_Shellcode
Kernel Shellcode to add all privileges in token
Anti-ghosts/ProcessInjection
Some ways to inject a DLL into a live process
Anti-ghosts/QT-Process-Protect
GUI Kernel driver process protect tool
Anti-ghosts/ReflectivePELoader
Reflective PE loader for DLL injection
Anti-ghosts/slides
Anti-ghosts/Token-Stealing-Shellcode
Anti-ghosts/warbird_exploit
https://blog.xpnsec.com/windows-warbird-privesc/
Anti-ghosts/Win64DriverStudy_Src
WIN64 Driver Programming Basics Tutorial - source code. Author: 胡文亮
Anti-ghosts/windows_kernel_address_leaks
Examples of leaking Kernel Mode information from User Mode on Windows
Anti-ghosts/windows_kernel_security_and_driver_development
"Windows Kernel Security and Driver Development", by 谭文, 陈铭霖 et al. Examples from the companion CD. Still shipping a CD these days is really a waste...
Anti-ghosts/WindowsIntelPT
This driver implements the Intel Processor Trace functionality in Intel Skylake architecture for Microsoft Windows
Anti-ghosts/workshops
Anti-ghosts/ZeroBank-ring0-bundle
Kernel-Mode rootkit that connects to a remote server to send & recv commands