Pinned Repositories
AetherVisor
Memory hacking library powered by AMD SVM
al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
Alcatraz
x64 binary obfuscator
android-inline-hook
:fire: ShadowHook is an Android inline hook library which supports thumb, arm32 and arm64.
anti-ransomware-minifilter
A minifilter driver for detecting and blocking ransomware
Anti-Rootkit
Windows Anti-Rootkit Tool
Anti-Rootkit-1
Windows Anti-Rootkit Tool
cpp-ipc
C++ IPC Library: A high-performance inter-process communication using shared memory on Linux/Windows.
kernel-inline-hook
Linux kernel inline hook
windows-kernel-pagehook
Windows kernel page hook
stdhu's Repositories
stdhu/nohv
Kernel driver for detecting Intel VT-x hypervisors.
stdhu/refl-cpp
Static reflection for C++17 (compile-time enumeration, attributes, proxies, overloads, template functions, metaprogramming).
stdhu/Pluto-Obfuscator
Obfuscator based on LLVM 12.0.1
stdhu/hvmi
Hypervisor Memory Introspection Core Library
stdhu/openedr
Open EDR public repository
stdhu/iMonitor
iMonitor (冰镜, "Ice Mirror": an endpoint behavior analysis system)
stdhu/windows-kernel-pagehook
Windows kernel page hook
stdhu/BLUESPAWN
An Active Defense and EDR software to empower Blue Teams
stdhu/oxorany
Compile-time obfuscation (encryption) of any constant, on any platform
stdhu/bddisasm
bddisasm is a fast, lightweight, x86/x64 instruction decoder. The project also features a fast, basic, x86/x64 instruction emulator, designed specifically to detect shellcode-like behavior.
stdhu/kernel-inline-hook
Linux kernel inline hook
stdhu/sehcall
Use SEH in manually mapped DLLs or manually mapped drivers (.sys) on Windows x64
stdhu/Windows-Kernel-Explorer
A free but powerful Windows kernel research tool.
stdhu/HexRaysPyTools
IDA Pro plugin that improves work with the Hex-Rays decompiler and helps in reconstructing structures and classes
stdhu/TinyPDBParser
Windows PDB Parser using Imagehlp library.
stdhu/ProcMonXv2
Process Monitor X v2
stdhu/retdec-idaplugin
RetDec plugin for IDA
stdhu/DuckMemoryScan
Detects the vast majority of so-called in-memory, AV-evading trojans
stdhu/awesome-windows-kernel-security-development
Windows kernel security development
stdhu/SandboxBootkit
Bootkit for Windows Sandbox to disable DSE/PatchGuard.
stdhu/KSOCKET
KSOCKET provides a very basic example of how to make network connections from a Windows driver using WSK (Winsock Kernel)
stdhu/binary-parsing
A list of generic tools for parsing binary data structures, such as file formats, network protocols or bitstreams
stdhu/Ntoskrnl_Viewer
Kernel memory can be read symbolically without test-signing mode enabled.
stdhu/VMP3-Disasm
Experimental disassembler for x86 binaries virtualized by VMProtect 3
stdhu/EasyPdb
A very simple C++ library for downloading PDBs and looking up the RVA of a function or global variable and the offset of a struct member.
stdhu/KTL
Kernel Template Library: STL-style containers and tools for Windows kernel space programming
stdhu/TitanHide
Hiding kernel-driver for x86/x64.
stdhu/KACE
Emulate Drivers in RING3 with self context mapping or unicorn
stdhu/ProcMon-for-Linux
Procmon is a Linux reimagining of the classic Procmon tool from the Sysinternals suite of tools for Windows. Procmon provides a convenient and efficient way for Linux developers to trace the syscall activity on the system.
stdhu/hidden
🇺🇦 Windows driver with a usermode interface that can hide processes, file-system and registry objects, protect processes, etc.