Pinned Repositories
buyHouseAnalyzer
Open-source online analysis tool for Taiwan's real-estate actual price registration (實價登錄) data
my-Little-Ransomware
A simple ransomware module written in C#.
PR0CESS
Some ready-to-use gadgets for working with Windows processes :)
puzzCode
A simple MinGW-based compiler that builds Windows applications intended to resist cracking and analysis tools
RunPE-In-Memory
Run an EXE file (PE module) in memory, like an application loader
sakeInject
Windows PE - TLS (Thread Local Storage) Injector in C/C++
Skrull
Skrull is a malware DRM that prevents automatic sample submission by AV/EDR and kernel-level signature scanning. It generates launchers that run malware on the victim using the Process Ghosting technique. The launchers are also anti-copy: they break naturally when submitted.
Windows-APT-Warfare
Source code for the technical implementations in each chapter of the book《Windows APT Warfare:惡意程式前線戰術指南》(Windows APT Warfare: A Frontline Tactical Guide to Malware)
wowGrail
PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)
wowInjector
PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)
aaaddress1's Repositories
aaaddress1/PR0CESS
Some ready-to-use gadgets for working with Windows processes :)
aaaddress1/Windows-APT-Warfare
Source code for the technical implementations in each chapter of the book《Windows APT Warfare:惡意程式前線戰術指南》(Windows APT Warfare: A Frontline Tactical Guide to Malware)
aaaddress1/buyHouseAnalyzer
Open-source online analysis tool for Taiwan's real-estate actual price registration (實價登錄) data
aaaddress1/The-Purified-Elements
The Purified Windows 11: without Defender, Updater, Patches, System Health, etc.
aaaddress1/ntkrnlProtectScan
One Click Tool to Scan All the Enabled Protection of current Windows NT Kernel
aaaddress1/Whisper.py
Who would bother with something that still needs a pip install? A ready-to-run Windows build of the OpenAI Whisper transcript generator
aaaddress1/Word2Vec.py
Word2Vec written in pure Numpy
aaaddress1/24h2-nt-exploit
Exploit targeting NT kernel in 24H2 Windows Insider Preview
aaaddress1/EDRSilencer
A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
aaaddress1/picoGPT
aaaddress1/avred
Analyse your malware to surgically obfuscate it
aaaddress1/EDR-Preloader
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
aaaddress1/I-S00N
aaaddress1/NerfDefender
BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.
aaaddress1/pylnk
Python library for reading and writing Windows shortcut files (.lnk). Python 3 only.
aaaddress1/VMPilot
VMPilot: A Modern C++ Virtual Machine SDK
aaaddress1/akamai-security-research
This repository includes code and IoCs that are the product of research done in Akamai's various security research teams.
aaaddress1/CVE-2023-36884-MS-Office-HTML-RCE
MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit
aaaddress1/CYBERSEC2023-BYOVD-Demo
aaaddress1/file-archiver-in-the-browser
aaaddress1/HyperDeceit
HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability to intercept and manipulate operating system tasks with ease.
aaaddress1/IconJector
Unorthodox and stealthy way to inject a DLL into Explorer using icons
aaaddress1/KExecDD
Admin to Kernel code execution using the KSecDD driver
aaaddress1/LLaMA-LoRA-Tuner
UI tool for fine-tuning and testing your own LoRA models with LLaMA. One-click run on Google Colab.
aaaddress1/nanoRWKV
The nanoGPT-style implementation of RWKV Language Model - an RNN with GPT-level LLM performance.
aaaddress1/oracle-machine
aaaddress1/PatchGuardBypass
Bypassing PatchGuard on modern x64 systems
aaaddress1/rp
rp++ is a fast C++ ROP gadget finder for PE/ELF/Mach-O x86/x64/ARM/ARM64 binaries.
aaaddress1/Terminator
Reproducing the Spyboy technique to terminate all EDR/XDR/AV processes
aaaddress1/VMProtect-Source
Source of VMProtect (not official)