0xTalShang / WindowsKernel
windwos内核研究与驱动Code
☆60Updated 2 years ago
Related projects: ⓘ
- IDA Python script for generating Windows x86 shellcode with one click☆33Updated last year
- 简单安排一下 autochk.sys 这个rootkit☆64Updated last year
- 沙箱测试,测评国内常见沙箱的代码与结论☆96Updated 3 years ago
- Windows Kernel Knowledge && Collect Resources on the wire && Nothing innovation by myself &&☆51Updated 2 weeks ago
- ☆63Updated this week
- 通过ACPI检测沙箱☆42Updated last year
- https://key08.com/index.php/2021/10/19/1375.html☆62Updated 2 years ago
- ☆23Updated 2 years ago
- AV Bypass Shellcode Loader☆17Updated 2 years ago
- WINDOWS黑客編程技術詳解 [Windows-Hack-Programming backup]☆41Updated 5 years ago
- power-kill is a project that kill protected processes (such as EDR or AV) by injecting shellcode into high privilege processes☆46Updated 2 years ago
- 模仿操作系统,加载pe文件到内存中☆69Updated 5 years ago
- 通杀检测基于白文件patch黑代码的免杀技术的后门☆82Updated last month
- 一个加壳工具☆62Updated 5 years ago
- Kill Protected Process Light Process (include av)☆55Updated last year
- Remote Download and Memory Execute for shellcode framework☆87Updated last year
- ☆85Updated 3 years ago
- demo抛砖引玉作为一个思路,此思路再魔改一下是可以连着主动防御整个关掉的,还在用,就不演示了☆8Updated 2 years ago
- 大数字驱动逆向代码☆66Updated 10 months ago
- shellcode生成框架☆75Updated 2 months ago
- Hades is a Host-Based Intrusion Detection System based on both eBPF(kernel) and netlink/cn_proc(userspace).☆20Updated last month
- ☆20Updated 4 months ago
- ☆31Updated 4 years ago
- Beacon compiled using clang☆58Updated last year
- 整合Pluto-Obfuscator和goron部分混淆,移植到LLVM-16.0.x,使用NewPassManager☆90Updated last year
- 利用图片隐写术来远程动态加载shellcode☆95Updated last year
- Hide processes, files, services in ring3, can help you develop Windows user-mode rootkits☆19Updated 3 months ago
- ☆13Updated this week
- 笔者的在原作者池风水利用工具(以下简称工具)基础上进行二次开发,新增了全自动获取内核调试模块符号的偏移量及配置参数和不同漏洞利用方式优化等功能, 解决了不同Windows版本适配问题,工具包括适配驱动和利用程序两部分组成,实现了在Windows 10 19H1之后任意版本包…☆77Updated 2 years ago
- vs2019 环境 Gh0st编译通过☆9Updated 2 years ago