Binary Universe
- https://void-stack.github.io
Stars
Proof of concept code for thread pool based process injection in Windows.
A modern 64-bit position independent implant template
Dirty PoC on how to abuse S1's VEH for Vectored Syscalls and Local Execution
A slightly more fun way to disable Windows Defender + firewall (through the WSC API).
The Frida-Jit-unPacker aims at helping researchers and analysts understand the behavior of packed malicious .NET samples.
Single-header, minimalistic, cross-platform hook library written in pure C
A tool that uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.
laZzzy is a shellcode loader, developed using different open-source libraries, that demonstrates different execution techniques.
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
Transforms a .NET binary into a chain of meaningless-looking await expressions.
openpilot is an open source driver assistance system. openpilot performs the functions of Automated Lane Centering and Adaptive Cruise Control for 250+ supported car makes and models.
A proof of concept demonstrating the DLL-load proxying using undocumented Syscalls.
bddisasm is a fast, lightweight, x86/x64 instruction decoder. The project also features a fast, basic, x86/x64 instruction emulator, designed specifically to detect shellcode-like behavior.
Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
Abusing mhyprotect to kill AVs / EDRs / XDRs / Protected Processes.
Little tool and (header-only lib) to investigate Windows Internals. Shout out to @zodiacon. No pull requests (this is actually a mirrored Mercurial repo).