Pinned Repositories
arkCrypter
Compile-time + Lifetime, Usermode + Kernelmode, safe and lightweight string crypter library for C++17+, based on skCrypter
GarHal_CSGO
A project that demonstrates how to screw with CSGO from Kernel Space. (CSGO Kernel Cheat/Hack) All cleaned up, and with updated offsets.
GeoIP2-CN
小巧精悍、准确、实用 GeoIP2 数据库
HyperHide
Hypervisor based anti anti debug plugin for x64dbg
kdmapper
KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory
Kernel-VAD-Injector
Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver
kernel_payload_comms
A proof of concept demonstrating communication via mapped shared memory structures between a user-mode process and a kernel-mode payload on Windows 10 20H2.
modmap
Module extending manual mapper
Poseidon
Stealthy UM <-> KM communication system without creating any system threads, permanent hooks, driver objects, section objects or device objects.
Remap
RKRestart's Repositories
RKRestart/arkCrypter
Compile-time + Lifetime, Usermode + Kernelmode, safe and lightweight string crypter library for C++17+, based on skCrypter
RKRestart/GarHal_CSGO
A project that demonstrates how to screw with CSGO from Kernel Space. (CSGO Kernel Cheat/Hack) All cleaned up, and with updated offsets.
RKRestart/GeoIP2-CN
小巧精悍、准确、实用 GeoIP2 数据库
RKRestart/HyperHide
Hypervisor based anti anti debug plugin for x64dbg
RKRestart/kdmapper
KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory
RKRestart/Kernel-VAD-Injector
Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver
RKRestart/kernel_payload_comms
A proof of concept demonstrating communication via mapped shared memory structures between a user-mode process and a kernel-mode payload on Windows 10 20H2.
RKRestart/modmap
Module extending manual mapper
RKRestart/Poseidon
Stealthy UM <-> KM communication system without creating any system threads, permanent hooks, driver objects, section objects or device objects.
RKRestart/Remap
RKRestart/Self-Remapping-Code
This program remaps its image to prevent the page protection of pages contained in the image from being modified via NtProtectVirtualMemory.
RKRestart/Stealthy-Kernelmode-Injector
Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executable pages. (VAD hide / NX bit swapping)
RKRestart/ThePerfectInjector
Literally, the perfect injector.