Pinned Repositories
AppContainerBypass
AppContainerBypass
CVE-2019-0708-EXP-Windows
CVE-2019-0708-EXP-Windows版单文件exe版,运行后直接在当前控制台反弹System权限Shell
CVE-2020-0787-EXP-ALL-WINDOWS-VERSION
Support ALL Windows Version
CVE-2020-1066-EXP
CVE-2020-1066-EXP支持Windows 7和Windows Server 2008 R2操作系统
DIYDynamoRIO
动态二进制插桩框架DynamoRIO通过将程序代码进行反复插桩(Instrumentation)执行构建了源程序代码与操纵代码之间的桥梁,使DynamoRIO的客户端编写者能够在更高的层面上驾驭原有的程序代码.虽然程序的载体还是被编译成原生的汇编指令集执行,但是不管是原生代码还是程序行为逻辑DynamoRIO为我们提供丰富的API已经把这些封装成了足够友好操作方式暴露给客户端编写者使用,用户可以透明的修改原有的程序代码(HotPatch),执行追踪,Hook,调试,模拟等高级运行时操纵(Runtime Code Manipulation )技术.本文主要分析DynamoRIO插桩的主要流程和实现原理,深入源码片段中几个有意思的小节体现作者构思的巧妙之处,并附加相关demo分析让读者加深对DynamoRIO的认识.
llvmanalyzer
笔者在一款基于LLVM编译器架构的retdec开源反编译器工具的基础上,融合了klee符号执行工具,通过符号执行(Symbolic Execution)引擎动态模拟反编译后的llvm的ir(中间指令集)运行源程序的方法,插桩所有的对x86指令集的thiscall类型函数对this指针结构体(也就是rcx寄存器,简称this结构)偏移量引用,经行分析汇总后自动识别this结构体的具体内容,并自动集成导入ida工具辅助分析.
poolfengshui
笔者的在原作者池风水利用工具(以下简称工具)基础上进行二次开发,新增了全自动获取内核调试模块符号的偏移量及配置参数和不同漏洞利用方式优化等功能, 解决了不同Windows版本适配问题,工具包括适配驱动和利用程序两部分组成,实现了在Windows 10 19H1之后任意版本包括满补丁系统上的稳定利用.
unicorn-whpx
跨平台模拟执行unicorn框架基于Qemu的TCG模式(Tiny Code Generator),以无硬件虚拟化支持方式实现全系统的虚拟化,支持跨平台和架构的CPU指令模拟,本文讨论是一款笔者的实验性项目采用Windows Hypervisor Platform虚拟机模式提供了另一种CPU指令的模拟方式,在保持原有unicorn导出接口不变的情况下,采用Hyper-v支持带硬件虚拟化支持的Windows Hypervisor Platform API接口扩展了底层CPU模拟环境实现,支持X86指令集二进制程序模拟平台和调试器.
windbg-uefi
这篇文章的目的是介绍一款实验性项目基于COM命名管道或者Windows Hyper-V虚拟机Vmbus通道实现的运行在uefi上的windbg调试引擎开发心得
windbg-wireshark
windbg调试协议wireshark抓包解析插件
cbwang505's Repositories
cbwang505/CVE-2020-0787-EXP-ALL-WINDOWS-VERSION
Support ALL Windows Version
cbwang505/windows-XP-SP1
网上泄露的Windows XP SP1 source code
cbwang505/Heptagram
This project is used to collect the EXP/POC disclosed on the Internet and provide project support for Heptagram security team.
cbwang505/nt5src
Source code of Windows XP (NT5). Leaks are not from me. I just extracted the archive and cabinet files.
cbwang505/al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
cbwang505/SMBGhost
Scanner for CVE-2020-0796 - SMBv3 RCE
cbwang505/Alaya
A webdav enabled webserver mostly focused on file storage
cbwang505/awesome-hyper-v-exploitation
A curated list of Hyper-V exploitation resources, fuzzing and vulnerability research.
cbwang505/Bonobo-Git-Server
Bonobo Git Server for Windows is a web application you can install on your IIS and easily manage and connect to your git repositories. Go to homepage for release and more info.
cbwang505/CVE-2020-1034
PoC demonstrating the use of cve-2020-1034 for privilege escalation
cbwang505/CVE-2021-1732-Exploit
CVE-2021-1732 Exploit
cbwang505/dnSpy
.NET debugger and assembly editor
cbwang505/ge-ethernet-SRTP
Working Demo of Proprietary GE SRTP PLC Communication Protocol (GE Ethernet)
cbwang505/HexRaysDeob
Hex-Rays microcode API plugin for breaking an obfuscating compiler
cbwang505/ipxe
iPXE network bootloader
cbwang505/Kernel-Anit-Anit-Debug-Plugins
Kernel Anit Anit Debug Plugins 内核反反调试插件
cbwang505/libwfp
C++ library for interacting with the Windows Filtering Platform (WFP)
cbwang505/License-to-Kill
cbwang505/llvm
An LLVM clone modified for use in RetDec and associated tools.
cbwang505/oleviewdotnet
A .net OLE/COM viewer and inspector to merge functionality of OleView and Test Container
cbwang505/OpenArk
OpenArk is an open source anti-rookit(ARK) tool for Windows.
cbwang505/ProcMonXv2
Process Monitor X v2
cbwang505/qiling
Qiling Advanced Binary Emulation Framework
cbwang505/Reverse-Engineering-Arsenal
Useful Scripts for helping in reverse engeenering
cbwang505/RunInSandbox
Sample code for launching Windows executables & COM servers in a sandboxed environment
cbwang505/Sharp7
Nuget package for Sharp7
cbwang505/smartdec
SmartDec decompiler
cbwang505/uGESRTP
GE Inteligent PLCs communication protocol
cbwang505/wil
Windows Implementation Library
cbwang505/Windows-Driver-Frameworks
WDF makes it easy to write high-quality Windows drivers