Pinned Repositories
AetherVisor
Memory hacking library powered by AMD SVM
al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
Alcatraz
x64 binary obfuscator
android-inline-hook
:fire: ShadowHook is an Android inline hook library which supports thumb, arm32 and arm64.
anti-ransomware-minifilter
A minifilter driver for detecting and blocking ransomware virus
Anti-Rootkit
Windows Anti-Rootkit Tool
Anti-Rootkit-1
Windows Anti-Rootkit Tool
cpp-ipc
C++ IPC Library: A high-performance inter-process communication using shared memory on Linux/Windows.
kernel-inline-hook
linux kernel inline hook
windows-kernel-pagehook
windows kernel pagehook
stdhu's Repositories
stdhu/atc22-ae
stdhu/vt-debuuger
A debugger using VT technology
stdhu/Blackbone
Windows memory hacking library
stdhu/ShellcodeFluctuation
An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
stdhu/ThreadStackSpoofer
Thread Stack Spoofing - PoC for an advanced in-memory evasion technique that allows injected shellcode's memory allocation to be better hidden from scanners and analysts.
stdhu/perses
X86 Mutation Engine with Portable Executable compatibility.
stdhu/FileSystemSearch
stdhu/unicorn_pe
Unicorn PE is a Unicorn-based instrumentation project designed to emulate code execution for Windows PE files.
stdhu/CSCD70
CSCD70 Compiler Optimization
stdhu/be-injector
stdhu/eac-mapper
undetected eac mapper
stdhu/bedaisy-reversal
Some pseudo snippets from BattlEye's BEDaisy.sys loaded on Rainbow Six: Siege.
stdhu/Kernel-Bridge
Windows kernel hacking framework, driver template, hypervisor and API written in C++
stdhu/vmp2-devirtualization
vmp2.x virtualization
stdhu/CiDllDemo
Use ci.dll API for validating Authenticode signature of files
stdhu/Tigress_protection
Playing with the Tigress software protection. Break some of its protections and solve their reverse engineering challenges. Automatic deobfuscation using symbolic execution, taint analysis and LLVM.
stdhu/inipp
Simple C++ ini parser.
stdhu/Stealthy-Kernelmode-Injector
Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executable pages. (VAD hide / NX bit swapping)
stdhu/DdiMon
Monitoring and controlling kernel API calls with stealth hook using EPT
stdhu/NtRays
Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.
stdhu/kHypervisor
kHypervisor is a lightweight bluepill-like nested VMM for Windows; it provides and emulates a basic function of Intel VT-x
stdhu/gbhv
Simple x86-64 VT-x Hypervisor with EPT Hooking
stdhu/Windows10EtwEvents
Events from all manifest-based and mof-based ETW providers across Windows 10 versions
stdhu/TicklingVMProtect
Assets for the "Tickling VMProtect with LLVM" blog post.
stdhu/FLIRTDB
A community driven collection of IDA FLIRT signature files
stdhu/NoVmp
A static devirtualizer for VMProtect x64 3.x. powered by VTIL.
stdhu/BACWindows
An anti-cheat project that includes kernel mode.
stdhu/Stresser
Anti-Malware security solution for Windows environment.
stdhu/NoPatchGuardCallback
x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code
stdhu/Themidie
x64dbg plugin to bypass Themida 3.x Anti-Debugger / VM / Monitoring programs checks (x64)