Pinned Repositories
AheadLib-x86-x64
DLL hijack source code generator. Supports x86/x64.
ALPC
Advance LPC
AndrewSpecial
AndrewSpecial, dumping lsass' memory stealthily and bypassing "Cilence" since 2019.
artifacts-kit
Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windows OS.
atom-bombing-
Brand New Code Injection for Windows https://breakingmalware.com/injection-techniques/atombombing-brand-new-code-injection-for-windows
atomic-red-team
Small and highly portable detection tests.
ATPMiniDump
Evading WinDefender ATP credential-theft
AV_Kernel_Vulns
PoCs for antivirus software's kernel vulnerabilities
awesome-windows-exploitation
x64dbg
An open-source x64/x32 debugger for Windows.
FirstBlue's Repositories
FirstBlue/x64dbg
An open-source x64/x32 debugger for Windows.
FirstBlue/beaengine
BeaEngine disasm project
FirstBlue/Blackbone
Windows memory hacking library
FirstBlue/BugChecker
SoftICE-like kernel debugger for Windows 11
FirstBlue/Detours
Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
FirstBlue/dynamorio
Dynamic Instrumentation Tool Platform
FirstBlue/EasyHook
EasyHook - The reinvention of Windows API Hooking
FirstBlue/hwbp4mw
FirstBlue/HWSyscalls
HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
FirstBlue/HyperBone
Minimalistic VT-x hypervisor with hooks
FirstBlue/kdmapper-1
KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory
FirstBlue/KSOCKET
KSOCKET provides a very basic example of how to make network connections in a Windows driver by using WSK.
FirstBlue/libwsk
The Kernel-Mode Winsock library, supporting TCP, UDP and Unix sockets (DGRAM and STREAM).
FirstBlue/Lsass-Shtinkering
FirstBlue/lsquic
LiteSpeed QUIC and HTTP/3 Library
FirstBlue/Nidhogg
Nidhogg is an all-in-one simple to use rootkit for red teams.
FirstBlue/NimDllSideload
DLL sideloading/proxying with Nim!
FirstBlue/ntdlll-unhooking-collection
Different ntdll unhooking techniques: unhooking ntdll from disk, from KnownDlls, from a suspended process, from a remote server (fileless)
FirstBlue/ntqueueapcthreadex-ntdll-gadget-injection
This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret gadget can be used for stealthy code injection.
FirstBlue/openssl1_1-win-build
openssl-1.1 Windows build with Visual Studio.
FirstBlue/PIC_Bindshell
Position Independent Windows Shellcode Written in C
FirstBlue/picotls
TLS 1.3 implementation in C (master supports RFC8446 as well as draft-26, -27, -28)
FirstBlue/PPLcontrol
Controlling Windows PP(L)s
FirstBlue/Sandboxie
Sandboxie - Open Source
FirstBlue/Shoggoth
Shoggoth: Asmjit Based Polymorphic Encryptor
FirstBlue/SilentMoonwalk
PoC Implementation of a fully dynamic call stack spoofer
FirstBlue/UACME
Defeating Windows User Account Control
FirstBlue/VirtualKD-Redux
VirtualKD-Redux - A revival and modernization of VirtualKD
FirstBlue/zerosum0x0_SassyKitdi
Clone of zerosum0x0's Windows Kernel rootkit written in Rust
FirstBlue/zlib-win-build
zlib Windows build with Visual Studio.