Pinned Repositories
buyHouseAnalyzer
Open-source online analysis tool for Taiwan's real-estate actual-price registration data
my-Little-Ransomware
Simple ransomware module based on C#.
PR0CESS
Ready-to-use gadgets for working with Windows processes :)
puzzCode
Simple MinGW-based compiler that builds Windows applications designed to resist analysis tools
RunPE-In-Memory
Run an EXE file (PE module) in memory (like an application loader)
sakeInject
Windows PE - TLS (Thread Local Storage) Injector in C/C++
Skrull
Skrull is a malware DRM that prevents automatic sample submission by AV/EDR and signature scanning from the kernel. It generates launchers that can run malware on the victim using the Process Ghosting technique. The launchers are also copy-resistant and naturally break when submitted.
Windows-APT-Warfare
Source code for the technical implementations in each chapter of the book 《Windows APT Warfare:惡意程式前線戰術指南》 (Windows APT Warfare: A Frontline Tactical Guide to Malware)
wowGrail
PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)
wowInjector
PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)
aaaddress1's Repositories
aaaddress1/sakeInject
Windows PE - TLS (Thread Local Storage) Injector in C/C++
aaaddress1/wow64Jit
Call 32bit NtDLL API directly from WoW64 Layer
aaaddress1/SignThief
Windows PE Signature Thief in C++
aaaddress1/masqueradeCmdline
A PoC demonstrating dynamic modification of a child process's command line. It may be useful against process log tracing, AV, or EDR.
aaaddress1/moska
Tiny Windows x86 Assembly Compiler in C++ and Keystone Engine
aaaddress1/vodka
.NET PE file parser in C/C++
aaaddress1/disCIL
CIL (MSIL) disassembler written in pure C/C++. Rewritten from the Mono Project
aaaddress1/Defeat-Defender
Powerful batch script to dismantle Windows Defender protection completely and even bypass tamper protection
aaaddress1/Obfuscate
Guaranteed compile-time string literal obfuscation header-only library for C++14
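As an added example (not the Obfuscate library's own code, nor code from any repository on this profile), here is the core idea such a header-only library implements: a constexpr constructor XORs the literal at compile time so only the masked bytes reach the binary, and a runtime decrypt() restores the plaintext. The ObfString class, the OBF macro, the per-byte mask and the key derived from __LINE__ are illustrative choices of mine, not the library's API.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>

// Added example: compile-time XOR obfuscation of a string literal.
// The constexpr constructor runs at compile time, so only the XORed
// bytes are emitted into the object file; decrypt() rebuilds the
// plaintext at run time into a fresh std::string.
template <std::size_t N>
class ObfString {
public:
    constexpr ObfString(const char (&s)[N], std::uint8_t key)
        : key_(key), data_{} {
        for (std::size_t i = 0; i < N; ++i)
            data_[i] = static_cast<char>(s[i] ^ mask(i));
    }

    // Decrypt into a new string; the constant object itself is untouched.
    std::string decrypt() const {
        std::string out;
        out.reserve(N - 1);
        for (std::size_t i = 0; i < N - 1; ++i)   // skip the NUL terminator
            out.push_back(static_cast<char>(data_[i] ^ mask(i)));
        return out;
    }

    // Sanity check a practitioner would run: does any byte of the stored
    // buffer still equal the plaintext? With a non-zero per-byte mask the
    // answer is always "no".
    constexpr bool hidesPlaintext(const char (&s)[N]) const {
        for (std::size_t i = 0; i < N; ++i)
            if (data_[i] == s[i]) return false;
        return true;
    }

    constexpr std::size_t size() const { return N - 1; }

private:
    // Per-position mask (key + index); never 0, so every byte changes.
    constexpr std::uint8_t mask(std::size_t i) const {
        std::uint8_t m = static_cast<std::uint8_t>(key_ + i);
        return m == 0 ? static_cast<std::uint8_t>(0x5A) : m;
    }
    std::uint8_t key_;
    char data_[N];
};

// Illustrative macro: key derived from the source line so that each
// literal in a translation unit gets a different key.
#define OBF(str) \
    ObfString<sizeof(str)>(str, static_cast<std::uint8_t>(__LINE__ * 31 + 7))

// Demo: the literal exists in the object file only in XORed form.
// 'constexpr' on the local forces compile-time construction; the
// static_assert proves no plaintext byte survived in the constant.
std::string demoSecret() {
    constexpr auto s = OBF("Secret-API-Key-1234");
    static_assert(s.hidesPlaintext("Secret-API-Key-1234"),
                  "plaintext must not survive in the constant");
    return s.decrypt();
}

// Same check exposed at run time, for callers without constexpr context.
bool demoHidden() {
    constexpr auto s = OBF("Secret-API-Key-1234");
    return s.hidesPlaintext("Secret-API-Key-1234");
}
```

Two caveats the one-line description leaves out: the object must be declared `constexpr` (or otherwise constant-initialized) at the use site, or the compiler is free to run the constructor at run time with the plaintext sitting in .rdata; and XOR with a line-derived key hides the literal from `strings` and static signature scans only, not from a debugger that breaks after decrypt().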
aaaddress1/PE_Toy
aaaddress1/iced
High performance and correct x86/x64 disassembler, assembler, decoder, encoder for .NET, Rust, JavaScript
aaaddress1/base64
Base64 C implementation
aaaddress1/CLRHost
Demonstrates hosting CLR objects from x86_64 assembly
aaaddress1/Malware-Detection-Using-Machine-Learning
Multi-class malware classification using Deep Learning
aaaddress1/PolyHook_2_0
C++17, x86/x64 hooking library v2.0
aaaddress1/REDasm
The OpenSource Disassembler
aaaddress1/uthenticode
A cross-platform library for verifying Authenticode signatures
aaaddress1/winchecksec
Checksec, but for Windows: static detection of security mitigations in executables
aaaddress1/awesome-osint
:scream: A curated list of amazingly awesome OSINT
aaaddress1/Cooolis-ms
Cooolis-ms is a code-execution tool that bundles a Metasploit Payload Loader, a Cobalt Strike External C2 Loader, and Reflective DLL injection. Its purpose is to evade static detection of the signature-bearing code we intend to execute, helping red teamers switch more quickly and conveniently from a web-container environment to a C2 environment for further work.
aaaddress1/PSBits
Simple (relatively) things allowing you to dig a bit deeper than usual.
aaaddress1/sgn
Shikata ga nai (仕方がない) encoder ported into go with several improvements
aaaddress1/SharpHandler
aaaddress1/simpleCoreCLRHost
This C++ app allows running a custom C# method from a compiled C# .dll on Linux and OS X using CoreCLR.
aaaddress1/sk3wldbg
Debugger plugin for IDA Pro backed by the Unicorn Engine
aaaddress1/TelemetrySourcerer
Enumerate and disable common sources of telemetry used by AV/EDR.
aaaddress1/TransactionMaster
A tool for Windows that can make any program work within file-system transactions.
aaaddress1/VBAFunctionPointers
aaaddress1/WindowsExploits
Windows exploits, mostly precompiled. Not being updated. Check https://github.com/SecWiki/windows-kernel-exploits instead.
aaaddress1/wow64pp
A modern C++ implementation of Windows Heaven's Gate