cr-0w's Stars
sashs/Ropper
Display information about files in different file formats and find gadgets to build ROP chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC, SPARC64). For disassembly Ropper uses the awesome Capstone Framework.
zodiacon/windowskernelprogrammingbook
The Windows Kernel Programming book samples
mertdas/SharpTerminator
Terminate AV/EDR Processes using kernel driver
ZeroMemoryEx/Terminator
Reproducing the Spyboy technique to terminate all EDR/XDR/AV processes
ayoubfaouzi/al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
namazso/MagicSigner
Signtool for expired certificates
mandiant/flare-floss
FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.
CBHue/PyFuscation
Obfuscate PowerShell scripts by replacing function names, variables and parameters.
klezVirus/chameleon
PowerShell Script Obfuscator
Crypt0s/Ekko_CFG_Bypass
A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process
davepl/blackjack
Examples of using unique_ptr and vector
R3x/How2Kernel
This repository aims to give a basic idea about kernel exploitation.
x0reaxeax/PageSplit
Splitting and executing shellcode across multiple pages
eversinc33/Banshee
Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.
Cracked5pider/Stardust
A modern 64-bit position independent implant template
Cracked5pider/CodeCave
A bunch of scripts and code I wrote.
WerWolv/ImHex
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
hasherezade/pe-bear
Portable Executable reversing tool with a friendly GUI
frank2/packer-tutorial
A tutorial on how to write a packer for Windows!
NUL0x4C/HellShell
Transform your payload into IPv4/IPv6/MAC arrays
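The IPv4 variant of that transformation, as an added example rather than HellShell's own code: every four payload bytes become one dotted-quad string, the last quad is padded (here with 0x90, an assumption of this example; HellShell's padding choice is not stated on this page), and a decoder parses the strings back into bytes. The sample "shellcode" below is a constructed byte string, not a real payload.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Number of dotted-quad strings needed for len bytes (4 bytes per string). */
static size_t ipv4_count(size_t len) { return (len + 3) / 4; }

/* Encode buf[0..len) as an array of "a.b.c.d" strings. Trailing bytes of
 * the last quad are padded with 0x90 (assumption: NOP is harmless as tail
 * padding); the caller must keep the real length to strip it on decode. */
static char **encode_ipv4(const unsigned char *buf, size_t len, size_t *count) {
    size_t n = ipv4_count(len);
    char **out = calloc(n, sizeof *out);
    if (!out) return NULL;
    for (size_t i = 0; i < n; i++) {
        unsigned char q[4];
        for (int j = 0; j < 4; j++) {
            size_t idx = i * 4 + j;
            q[j] = idx < len ? buf[idx] : 0x90;
        }
        out[i] = malloc(16);               /* "255.255.255.255" + NUL */
        snprintf(out[i], 16, "%u.%u.%u.%u", q[0], q[1], q[2], q[3]);
    }
    *count = n;
    return out;
}

/* Parse one dotted quad into 4 bytes; rejects octets > 255 and trailing junk.
 * (A Windows loader would typically call RtlIpv4StringToAddressA instead.) */
static int parse_ipv4(const char *s, unsigned char out[4]) {
    unsigned v[4];
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &v[0], &v[1], &v[2], &v[3], &tail) != 4)
        return -1;
    for (int j = 0; j < 4; j++) {
        if (v[j] > 255) return -1;
        out[j] = (unsigned char)v[j];
    }
    return 0;
}

/* Decode count strings into a count*4 byte buffer; NULL on any bad string. */
static unsigned char *decode_ipv4(char **arr, size_t count) {
    unsigned char *buf = malloc(count * 4);
    if (!buf) return NULL;
    for (size_t i = 0; i < count; i++) {
        if (parse_ipv4(arr[i], buf + i * 4) != 0) { free(buf); return NULL; }
    }
    return buf;
}

static void free_ipv4(char **arr, size_t count) {
    for (size_t i = 0; i < count; i++) free(arr[i]);
    free(arr);
}

/* Returns 1 if encode -> decode reproduces the original len bytes exactly. */
static int roundtrip_ok(const unsigned char *buf, size_t len) {
    size_t n = 0;
    char **arr = encode_ipv4(buf, len, &n);
    if (!arr) return 0;
    unsigned char *back = decode_ipv4(arr, n);
    int ok = back && memcmp(back, buf, len) == 0;
    free(back);
    free_ipv4(arr, n);
    return ok;
}

/* Constructed sample bytes (not a real payload): 9 bytes, so the last quad is padded. */
static const unsigned char sample_sc[] = {0x48,0x31,0xc0,0x48,0x31,0xff,0x0f,0x05,0xc3};
static const size_t sample_len = sizeof sample_sc;

int main(void) {
    size_t n = 0;
    char **arr = encode_ipv4(sample_sc, sample_len, &n);
    /* Emit a C array in the style a loader would embed. */
    printf("char *Ipv4Array[] = {\n");
    for (size_t i = 0; i < n; i++)
        printf("    \"%s\"%s\n", arr[i], i + 1 < n ? "," : "");
    printf("};\nsize_t PayloadLen = %zu;\n", sample_len);
    free_ipv4(arr, n);
    return 0;
}
```

The encoder is loss-free only because the real payload length travels alongside the string array; without it the decoder cannot tell padding from payload.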
memN0ps/venom-rs
Rusty Injection - Shellcode Reflective DLL Injection (sRDI) in Rust (Codename: Venom)
kyleavery/AceLdr
Cobalt Strike UDRL for memory scanner evasion.
BishopFox/sliver
Adversary Emulation Framework
JLospinoso/gargoyle
A memory scanning evasion technique
joe-desimone/patriot
WithSecureLabs/TickTock
winsiderss/systeminformer
A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
wavestone-cdt/EDRSandblast
zodiacon/EtwExplorer
View ETW Provider manifest