Github Security Daily Repository.
- An attempt to record GitHub projects and tag them with keywords to make them easier to search
https://github.com/plackyhacker/UnhookBitDefender
Bypasses Bitdefender's API hooks by remapping (c#)
https://github.com/tihanyin/PSSW100AVB
PowerShell scripts that were 100% statically undetected by AV as of 2021-09 (ps1)
https://github.com/ouqiang/goproxy
Go HTTP(S) proxy library; supports man-in-the-middle proxying to decrypt HTTPS (go)
https://github.com/timwhitez/DarkLoadLibrary
A working build of DarkLoadLibrary under VS2019 x64 Release # not the latest version (c)
https://github.com/rookuu/BOFs/tree/main/MiniDumpWriteDump
Rewritten MiniDumpWriteDump BOF (c)
https://github.com/w1u0u1/minidump
Custom implementation of the MiniDumpWriteDump function. Uses static syscalls in place of the low-level functions; draws on the project above (c)
https://github.com/k4nfr3/Dumpert
Modified Dumpert project; bypasses local string detection, McAfee, etc. (c)
</gre_replace>
<gr_replace lines="18" cat="clarify" orig="代替LoadLibrary">
Replacement for LoadLibrary, more stealthy (c)
https://github.com/bats3c/DarkLoadLibrary
代替LoadLibrary,更隐蔽(c)
https://github.com/panagioto/SyscallHide
Adds a registry backdoor using syscalls (cpp)
https://github.com/mgeeky/ShellcodeFluctuation/releases/tag/v0.2
Memory-evasion project, v0.2: the modified protection is changed from RW to NO_ACCESS, and the Protect restore value is reset to its initial value (cpp)
https://github.com/Tylous/SourcePoint/releases/tag/2.0
Major update v2.0 of SourcePoint, a Cobalt Strike profile generation tool (go)
https://github.com/codewhitesec/HandleKatz
Dumping and obfuscation via lsass handle cloning (c)
https://github.com/thefLink/C-To-Shellcode-Examples
Converts C source code into shellcode; by writing C code following the template, position-independent shellcode lives in the .text section and can be extracted and used directly (c)
https://github.com/JustasMasiulis/inline_syscall
Header-only approach for convenient system calls / syscalls (cpp)
https://github.com/boku7/Ninja_UUID_Dropper
Module Stomping + UUID injection + HellsGate + HalosGate + EnumSystemLocalesA (callback execution, no new thread) (c)
https://github.com/vxunderground/WinAPI-Tricks
A collection of various WinAPI tricks/features used or abused by malware: anti-debugging, string hashing, etc. (c)
https://github.com/hydra13142/sma
Multiple string-matching algorithms implemented in Golang (go)
https://github.com/mgeeky/ThreadStackSpoofer
Thread stack spoofing; breaks the call chain by modifying the _AddressOfReturnAddress() address during sleep (cpp)
https://github.com/ORCA666/WHALE
Modification based on the Huan project, adding anti-sandbox, anti-debugging, etc. (c/cpp)
https://github.com/slaeryan/AQUARMOURY/blob/master/Wraith/Src/Injector.h
"Advanced Bird" APC Queue Code Injection (cpp)