Pinned Repositories
AheadLib64
x64 DLL hijacking tool (like AheadLib)
Blackbone
Windows memory hacking library
blog_material
DisPg
dll2shellcode
Tool for converting a DLL into shellcode
EACReversing
Reversing EasyAntiCheat.
ishellcode
Shellcode injection test tool
qq_revoke_patch
QQ anti-message-recall patch
Scylla
Imports Reconstructor
Shark
Turn off PatchGuard in real time for win7 (7600) ~ win10 (17763).
w1nds's Repositories
w1nds/vmprotect-3.5.1
w1nds/ACPI_SANDBOX_DETECT
Sandbox detection via ACPI
w1nds/al-khaser
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
w1nds/Amsi-Killer
Lifetime AMSI bypass
w1nds/arp-spoofing-go
ARP spoofing tool implemented in Go; supports LAN host scanning, ARP poisoning, man-in-the-middle attacks, sensitive-information sniffing, and HTTP packet sniffing.
w1nds/Banshee
Experimental Windows x64 Kernel Rootkit.
w1nds/Beacon_Source
not a reverse-engineered version of the Cobalt Strike Beacon
w1nds/DRat
Decentralized Remote Administration Tool: configuration-file distribution is decentralized via ENS, and the server side is decentralized via Telegram.
w1nds/drivers-binaries
Exploitable drivers, you know what I mean
w1nds/Drv_Hide_And_Camouflage
w1nds/EDRception
A proof of concept for abusing exception handlers to hook and bypass user mode EDR hooks.
w1nds/EDRs
w1nds/EDRSandblast
w1nds/ETWProcessMon2
ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.
w1nds/GhostDriver
yet another AV killer tool using BYOVD
w1nds/GraphStrike
Cobalt Strike HTTPS beaconing over Microsoft Graph API
w1nds/Ingram
Webcam vulnerability scanning tool
w1nds/inline-syscall
Inline syscalls made for MSVC supporting x64 and x86
w1nds/LOLDrivers
Living Off The Land Drivers
w1nds/minihttp
A minimal 2-file (cpp+h) TCP & HTTP client implementation. Supports GET & simple POST. Optional SSL via PolarSSL/mbedTLS. Cross-platform, uses POSIX or Win32 API. C++03 with STL.
w1nds/Nidhogg
Nidhogg is an all-in-one simple to use rootkit for red teams.
w1nds/ntoskrnl
Collection of kernel files for commonly used Windows versions
w1nds/numen
A quick look at the autochk.sys rootkit
w1nds/perfect-loader
Load a dynamic library from memory by modifying the native Windows loader
w1nds/ReadPhys
Read/write virtual memory without attaching to the process
w1nds/RedTeaming-Tactics-and-Techniques
Red Teaming Tactics and Techniques
w1nds/TrueSightKiller
CPP AV/EDR Killer
w1nds/VX-API
Collection of various malicious functionality to aid in malware development
w1nds/Windows-10-22H2-Vulnerable-driver-communication
Allocate memory in the kernel & r/w control registers with a vulnerable driver.
w1nds/wow64ext
Another wow64ext to try to be compatible with WOW64 for all architectures.