online-9's Stars
xoreaxeaxeax/movfuscator
The single instruction C compiler
capstone-engine/capstone
Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86.
LordNoteworthy/al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
trustedsec/ptf
The Penetration Testers Framework (PTF) provides modular support for up-to-date tools.
dsasmblr/game-hacking
Tutorials, tools, and more as related to reverse engineering video games.
ThunderCls/xAnalyzer
xAnalyzer plugin for x64dbg
ldionne/dyno
Runtime polymorphism done right
stevemk14ebr/PolyHook
x86/x64 C++ Hooking Library
richgel999/lzham_codec
Lossless data compression codec with LZMA-like ratios but 1.5x-8x faster decompression speed, C/C++
sam-b/windows_kernel_address_leaks
Examples of leaking Kernel Mode information from User Mode on Windows
vmcall/loadlibrayy
x64 manualmapper with kernel elevation and thread hijacking capabilities
xdavidhu/lanGhost
👻 A LAN dropbox chatbot controllable via Telegram
gellin/TeamViewer_Permissions_Hook_V1
A proof of concept injectable C++ dll, that uses naked inline hooking and direct memory modification to change your TeamViewer permissions.
0blio/Caesar
An HTTP based RAT (Remote Administration Tool) that allows you to remotely control devices from your browser
r4stl1n/SSH-Brute-Forcer
A Simple Multi-Threaded SSH Brute Forcer
waryas/EUPMAccess
This DKOM exploit enables any app in user mode to access physical memory directly
vlad902/hacking-team-windows-kernel-lpe
Previously-0day exploit from the Hacking Team leak, written by Eugene Ching/Qavar.
BenjaminKim/dokanx
user-mode filesystem framework for Windows
kwilcz/Antario
Clean base/cheat made for CS:GO.
vmcall/ElevateMe
Handle access elevation via direct kernel object manipulation
cbayet/PoolSprayer
Simple library to spray the Windows Kernel Pool
K2/ADMMutate
Classic code from 1999+. I am fairly sure this is the first public polymorphic shellcode ever (best IMHO and others: http://ids.cs.columbia.edu/sites/default/files/ccs07poly.pdf :). If I ever port this to 64-bit or implement a few other suggestions (sorry, I lost the PPC code version that was contributed), it will be orders of magnitude more difficult to spot, so I hope nobody uses signatures for anything (virus/malware scanners included).
vic4key/Cat-Driver
CatDriver - a kernel-mode driver written in C++. It is a useful driver and has the highest privilege level on the Windows platform. It can be used for game hacking and other purposes.
d366/DarkMMap
Manual PE image mapper
NtRaiseHardError/Dreadnought
PoC for detecting and dumping code injection (built and extended on UnRunPE)
muffins/rookit_playground
Educational repository for learning about rootkits and Windows Kernel Hooks.
weixu8/RegistryMonitor
Formerly KMon, a Windows kernel driver designed to prevent malware attacks by monitoring the creation of registry keys in common autorun locations and prompting the user whether to allow the creation of the key. More of an experiment in kernel-level SSDT hooks, but a fun project nonetheless.
csAlphyy/kiwibase
etzih/ssde
Small Scalable Disassembler Engine
TheServer201/usde
Ultra Small Disassembler Engine