Pinned Repositories
AetherVisor
Memory hacking library powered by AMD SVM
al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
Alcatraz
x64 binary obfuscator
android-inline-hook
:fire: ShadowHook is an Android inline hook library which supports thumb, arm32 and arm64.
anti-ransomware-minifilter
A minifilter driver for detecting and blocking ransomware
Anti-Rootkit
Windows Anti-Rootkit Tool
Anti-Rootkit-1
Windows Anti-Rootkit Tool
cpp-ipc
C++ IPC Library: A high-performance inter-process communication using shared memory on Linux/Windows.
kernel-inline-hook
Linux kernel inline hook
windows-kernel-pagehook
Windows kernel page hook
stdhu's Repositories
stdhu/AetherVisor
Memory hacking library powered by AMD SVM
stdhu/android-inline-hook
:fire: ShadowHook is an Android inline hook library which supports thumb, arm32 and arm64.
stdhu/Anti-Rootkit-1
Windows Anti-Rootkit Tool
stdhu/AppScan
Security and Privacy Guardian (AppScan): a free, enterprise-grade automated privacy detection tool.
stdhu/cursor
An editor made for programming with AI 🤖
stdhu/Divert
WinDivert: Windows Packet Divert
stdhu/donut
Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
stdhu/Hades-Windows
Hades HIDS/HIPS for Windows
stdhu/HowToCook
Programmer's guide about how to cook at home (Chinese only).
stdhu/i7j-rups
RUPS is an acronym for Reading and Updating PDF Syntax. RUPS is a tool built on top of iText® that allows you to look inside a PDF document and browse the different PDF objects and content streams.
stdhu/iOSSecurity
"iOS Security Testing and Security Research" (book)
stdhu/krabsetw
KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
stdhu/KRWX
Kernel Read Write Execute
stdhu/LdrDllNotificationHook
Hook all callbacks which are registered with LdrRegisterDllNotification
stdhu/mutante
Kernel-mode Windows HWID spoofer
stdhu/PatchGuardBypass
Bypassing PatchGuard on modern x64 systems
stdhu/PE-Obfuscator
PE obfuscator with Evasion in mind
stdhu/pe-sieve
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
stdhu/PoolMonXv3
Monitor Kernel pool allocations tags
stdhu/RemoteCall
stdhu/ReverseKit
x64 Dynamic Reverse Engineering Toolkit
stdhu/sigma
Main Sigma Rule Repository
stdhu/simplewall
Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.
stdhu/SKRoot-linuxKernelRoot
A new generation of SKRoot that challenges every root-detection method in use. It takes a completely different approach from Magisk and sheds Magisk's weakness of being detectable, hiding the root function completely. SELinux never needs to be paused at any point, achieving truly zero contact with SELinux. Highly portable: it works on all kernels, needs no kernel source, and patches the kernel directly. Compatible with direct JNI calls from Android apps; stable, smooth, and crash-free.
stdhu/sqlite_orm
❤️ SQLite ORM light header only library for modern C++
stdhu/Triton
Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code.
stdhu/UACME
Defeating Windows User Account Control
stdhu/VmWareThrough
stdhu/WindowsKernelBook
The "Windows Kernel Security Programming Technology Practice" book series explores the core principles and technical implementation details of Anti-RootKit (anti-kernel-rootkit) tools.
stdhu/winipt
The Windows Library for Intel Process Trace (WinIPT) is a project that leverages the new Intel Processor Trace functionality exposed by Windows 10 Redstone 5 (1809), through a set of libraries and a command-line tool.