Pinned Repositories
al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
autochk-rootkit
Reverse engineered source code of the autochk rootkit
awesome-rat
RAT and C&C resources: 250+ open-source projects, 1200+ RAT/C&C blogs and videos.
BlackLotus
BlackLotus UEFI Windows Bootkit
CallStack-Spoofer
This tool will allow you to spoof the return addresses of your functions as well as system functions.
doublepulsar-usermode-injector
A utility to use the usermode shellcode from the DOUBLEPULSAR payload to reflectively load an arbitrary DLL into another process, for use in testing detection techniques or other security research.
DuckSandboxDetect
Sandbox testing: code and conclusions from evaluating common Chinese sandboxes.
MyWheel
Building my own wheels; when I can't, I find code to build them from.
Windows-Kernel-Programing
Windows-Kernel-Programing
guapizhu's Repositories
guapizhu/MyWheel
Building my own wheels; when I can't, I find code to build them from.
guapizhu/Windows-Kernel-Programing
Windows-Kernel-Programing
guapizhu/al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
guapizhu/atomic-red-team
Small and highly portable detection tests based on MITRE's ATT&CK.
guapizhu/autochk-rootkit
Reverse engineered source code of the autochk rootkit
guapizhu/awesome-rat
RAT and C&C resources: 250+ open-source projects, 1200+ RAT/C&C blogs and videos.
guapizhu/BlackLotus
BlackLotus UEFI Windows Bootkit
guapizhu/CallStack-Spoofer
This tool will allow you to spoof the return addresses of your functions as well as system functions.
guapizhu/doublepulsar-usermode-injector
A utility to use the usermode shellcode from the DOUBLEPULSAR payload to reflectively load an arbitrary DLL into another process, for use in testing detection techniques or other security research.
guapizhu/DuckSandboxDetect
Sandbox testing: code and conclusions from evaluating common Chinese sandboxes.
guapizhu/dumpext
WinDbg debugger extension library providing various tools to analyse, dump and fix (restore) Microsoft Portable Executable files for both 32-bit (PE) and 64-bit (PE+) platforms.
guapizhu/EvilClippy
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
guapizhu/free-api
Collecting free API services; a porter of APIs.
guapizhu/guapizhu.github.io
guapizhu/HackerTools
A collection of virus techniques written in MFC.
guapizhu/HideDriver
The previous version targeted 7600 and was a hassle to compile every time. This update can be compiled directly in VS2017.
guapizhu/injectAllTheThings
Seven different DLL injection techniques in one single project.
guapizhu/libpeconv
A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
guapizhu/malware
malware source codes
guapizhu/MalwareSourceCode
Collection of malware source code for a variety of platforms in an array of different programming languages.
guapizhu/MatrixLIB
A template-based C++ matrix operation library, simple and easy to use, supporting common operations such as addition, subtraction, multiplication, division, transposition and inversion.
guapizhu/MemoryModule
Library to load a DLL from memory.
guapizhu/NativeLib
Covers declarations and definitions of almost all user-mode-accessible NT native APIs and Windows window station APIs.
guapizhu/NewHideDriverEx
Hide Driver By MiProcessLoaderEntry
guapizhu/pelauncher
Portable Executable launcher for Windows NT bypassing loader
guapizhu/rcedit
Command-line tool to edit the resources of .exe files.
guapizhu/SimpleRemoter
A gh0st-based remote controller: implements terminal management, process management, window management, remote desktop, file management, audio management, video management, service management, registry management and other functions; all code has been optimized and reformatted, memory leak defects fixed, and the program runs stably. The initial version of this project is at: https://github.com/zibility/Remote
guapizhu/spectre
A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.
guapizhu/Windows-driver-samples
This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.