Pinned Repositories
Atom_bombing
Commented version of Atom_bombing injection technique. Original source code from https://blog.ensilo.com/atombombing-brand-new-code-injection-for-windows
Carberp
Carberp Banking Trojan
CreateProcess
A simple C++ app to demo the use of CreateProcess(), WaitForSingleObject() and use of handles.
DanSpecial
Weaponizing Gigabyte driver for priv escalation and bypass PPL
DrvMon
Advanced driver monitoring utility.
FileTest
Source code for File Test - Interactive File System Test Tool
malware-source-nanomites
NtCreateUserProcess_
peta909's Repositories
peta909/DanSpecial
Weaponizing Gigabyte driver for priv escalation and bypass PPL
peta909/VirtualDeobfuscator-1
Reverse engineering tool for virtualization wrappers
peta909/ABD
Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories
peta909/aplib
Module for decompressing aPLib compressed data
peta909/balbuzard
Balbuzard is a package of malware analysis tools in Python to extract patterns of interest from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc.). It can also crack malware obfuscation such as XOR, ROL, etc. by bruteforcing and checking for those patterns.
peta909/chacha20
Pure Python 2 and Python 3 implementations of the ChaCha20 stream cipher
peta909/cpu-internals
Intel / AMD CPU Internals
peta909/ctf-writeups
CTF writeups
peta909/drakvuf-sandbox
DRAKVUF Sandbox - automated hypervisor-level malware analysis system
peta909/Dumpert
LSASS memory dumper using direct system calls and API unhooking.
peta909/ebooks
peta909/fuckVmp3
fuck like title.
peta909/HyperBone
Minimalistic VT-x hypervisor with hooks
peta909/hypervisor
lightweight hypervisor SDK written in C++ with support for Windows, Linux and UEFI
peta909/IDAGolangHelper
Set of IDA Pro scripts for parsing GoLang types information stored in compiled binary
peta909/idapython-cheatsheet
Scripts and cheatsheets for IDAPython
peta909/InfinityHook
Hook system calls, context switches, page faults and more.
peta909/kHypervisor
kHypervisor is a lightweight bluepill-like nested VMM for Windows; it provides and emulates a basic function of Intel VT-x
peta909/Malware-Analysis-Training
Retired beginner/intermediate malware analysis training materials from @pedramamini and @erocarrera.
peta909/MemoryModule
Library to load a DLL from memory.
peta909/MyHyperVisor
peta909/pcode2code
a VBA pcode decompiler based on pcodedmp
peta909/pinjectra
Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)
peta909/Ransomware_RAASNet
Ransomware As A Service (By @TheRealZeznzo)
peta909/RedSea
Music downloader for Tidal, revived
peta909/RevengeRAT-Stub-CSsharp
Revenge-RAT C# Stub - Fixed
peta909/Sandboxie
Open Source Sandboxie
peta909/ScyllaHide
Advanced usermode anti-anti-debugger
peta909/sdk-api
Public contributions for win32 API documentation
peta909/SimpleVisor
SimpleVisor is a simple, portable, Intel VT-x hypervisor with two specific goals: using the least amount of assembly code (10 lines), and having the smallest amount of VMX-related code to support dynamic hyperjacking and unhyperjacking (that is, virtualizing the host state from within the host). It works on Windows and UEFI.