Pinned Repositories
buyHouseAnalyzer
Open-source online analysis tool for Taiwan's real-estate actual-price registration records
my-Little-Ransomware
Easy ransomware module based on C#.
PR0CESS
Some gadgets for Windows processes, ready to use :)
puzzCode
Simple compiler based on MinGW to build uncrackable Windows applications that resist analysis tools
RunPE-In-Memory
Run an EXE file (PE module) in memory (like an application loader)
sakeInject
Windows PE - TLS (Thread Local Storage) Injector in C/C++
Skrull
Skrull is a malware DRM that prevents automatic sample submission by AV/EDR and signature scanning from the kernel. It generates launchers that can run malware on the victim using the Process Ghosting technique. The launchers are also completely anti-copy and naturally break when submitted.
Windows-APT-Warfare
Source code for the technical implementations in each chapter of the book 《Windows APT Warfare:惡意程式前線戰術指南》 (Windows APT Warfare: A Frontline Tactical Guide to Malware)
wowGrail
PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)
wowInjector
PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)
aaaddress1's Repositories
aaaddress1/PR0CESS
Some gadgets for Windows processes, ready to use :)
aaaddress1/Windows-APT-Warfare
Source code for the technical implementations in each chapter of the book 《Windows APT Warfare:惡意程式前線戰術指南》 (Windows APT Warfare: A Frontline Tactical Guide to Malware)
aaaddress1/buyHouseAnalyzer
Open-source online analysis tool for Taiwan's real-estate actual-price registration records
aaaddress1/The-Purified-Elements
The Purified Windows 11: without Defender, Updater, Patches, System Health, etc.
aaaddress1/ntkrnlProtectScan
One-click tool to scan all the enabled protections of the current Windows NT kernel
aaaddress1/Whisper.py
Seriously, who is going to run pip install? A ready-to-use Windows build of the OpenAI Whisper transcript generator
aaaddress1/PowerCursor
Automatically move your cursor to the focused window while you Alt-Tab or use the touchboard, for Windows
aaaddress1/24h2-nt-exploit
Exploit targeting NT kernel in 24H2 Windows Insider Preview
aaaddress1/IconJector
Unorthodox and stealthy way to inject a DLL into the explorer using icons
aaaddress1/PromptCopy
aaaddress1/EDRSilencer
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
aaaddress1/oracle-machine
aaaddress1/PrivFu
Kernel mode WinDbg extension and PoCs for token privilege investigation.
aaaddress1/avred
Analyse your malware to surgically obfuscate it
aaaddress1/BlueTeam-Tools
Tools and Techniques for Blue Team / Incident Response
aaaddress1/CVE-2024-30090
CVE-2024-30090 - LPE PoC
aaaddress1/EDR-Preloader
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
aaaddress1/I-S00N
aaaddress1/NerfDefender
BOF and C++ implementation of the Windows Defender sandboxing technique described by Elastic Security Labs/Gabriel Landau.
aaaddress1/pytorch-seq2seq
Tutorials on implementing a few sequence-to-sequence (seq2seq) models with PyTorch and TorchText.
aaaddress1/VMPilot
VMPilot: A Modern C++ Virtual Machine SDK
aaaddress1/akamai-security-research
This repository includes code and IoCs that are the product of research done in Akamai's various security research teams.
aaaddress1/AsmDepictor
Official implementation of AsmDepictor, "A Transformer-based Function Symbol Name Inference Model from an Assembly Language for Binary Reversing", in the 18th ACM Asia Conference on Computer and Communications Security (AsiaCCS 2023)
aaaddress1/CVE-2023-36884-MS-Office-HTML-RCE
MS Office and Windows HTML RCE (CVE-2023-36884) - PoC and exploit
aaaddress1/CVE-2024-7479_CVE-2024-7481
TeamViewer User to Kernel Elevation of Privilege PoC. CVE-2024-7479 and CVE-2024-7481. ZDI-24-1289 and ZDI-24-1290. TV-2024-1006.
aaaddress1/KExecDD
Admin to Kernel code execution using the KSecDD driver
aaaddress1/nanoRWKV
The nanoGPT-style implementation of RWKV Language Model - an RNN with GPT-level LLM performance.
aaaddress1/phnt
Native API header files for the System Informer project.
aaaddress1/process-cloning
The Definitive Guide To Process Cloning on Windows
aaaddress1/Terminator
Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes