Source files for my posts
☆17, Jun 20, 2023, updated 2 years ago
Alternatives and similar repositories for Blog-Lab
Users that are interested in Blog-Lab are comparing it to the libraries listed below
- ☆33, Dec 22, 2020, updated 5 years ago
- Research revolving around the Windows Filtering Platform callout mechanism (☆39, May 26, 2024, updated last year)
- Correctly parses the _HEAP_VS_*** symbols, supports running on the latest Win11 24H2, and replaces WinDbg's built-in !pool command (☆17, Nov 30, 2024, updated last year)
- DLL hijack in just one macro (☆13, Jul 3, 2023, updated 2 years ago)
- A research project about Windows notify routines (☆38, Jul 31, 2020, updated 5 years ago)
- Windows NT port of 'Main is usually a function. So then when is it not?' (☆27, Mar 11, 2024, updated 2 years ago)
- A kernel-mode Windows rootkit in development (☆49, Dec 31, 2021, updated 4 years ago)
- A Windows kernel keylogger that works (☆20, Feb 12, 2024, updated 2 years ago)
- Nice try reading NTDLL from disk, nerd. (☆19, Apr 18, 2022, updated 3 years ago)
- Port of the Mandiant ShellcodeHashes plugin from IDA to Binary Ninja (☆11, Jul 24, 2024, updated last year)
- Simple command-line tool to enumerate loaded WFP callout drivers (☆10, Feb 2, 2024, updated 2 years ago)
- Source code from the 1.44MB 3.5" floppy accompanying the Windows NT File System Internals book (☆20, Jul 31, 2019, updated 6 years ago)
- Unchain AMSI by patching the provider's unmonitored memory space (☆91, Nov 24, 2022, updated 3 years ago)
- Some drivers I've written while solving exercises from Practical Reverse Engineering (☆15, Jan 9, 2022, updated 4 years ago)
- Code Integrity Violation Spotter (☆17, Jun 11, 2024, updated last year)
- Right-To-Left Override PoC (☆35, Mar 21, 2022, updated 3 years ago)
- Various shellcode I have written (☆17, Oct 9, 2020, updated 5 years ago)
- A memory-based evasion technique which keeps shellcode invisible from process start to end (☆17, Aug 14, 2023, updated 2 years ago)
- freeBokuLoader fork which targets and frees Metsrv's initial reflective DLL package (☆35, Mar 28, 2023, updated 2 years ago)
- Code snippets to add on top of the Cobalt Strike sleep mask to achieve patchless hooks on AMSI and ETW (☆86, Mar 19, 2023, updated 3 years ago)
- An advanced DKOM technique for drivers with a "DRIVER_OBJECT" (☆22, Feb 19, 2023, updated 3 years ago)
- ☆17, Apr 18, 2023, updated 2 years ago
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP (☆37, Jul 27, 2021, updated 4 years ago)
- Example code for CiGetCertPublisherName (☆16, Mar 24, 2022, updated 3 years ago)
- ☆17, Oct 31, 2022, updated 3 years ago
- Hooking Heaven's Gate in a weekend (☆13, Jan 1, 2022, updated 4 years ago)
- Detect the SCI in Windows (☆11, Mar 23, 2017, updated 8 years ago)
- ☆20, Mar 15, 2023, updated 3 years ago
- Simple project that demonstrates how an ETW consumer can be created using only NTDLL (☆146, Feb 23, 2019, updated 7 years ago)
- ☆14, Jul 12, 2024, updated last year
- havoc2nginx is a simple Python script that converts Havoc Framework's yaotl malleable C2 profile to the Nginx configuration file format. Most… (☆12, May 8, 2023, updated 2 years ago)
- Null-free shellcode for running calc.exe on Windows x64 (☆14, Mar 24, 2024, updated last year)
- Pinjectra is a C/C++ OOP-like library that implements process injection techniques (with a focus on Windows 10 64-bit) (☆16, Sep 4, 2020, updated 5 years ago)
- A small WFP-based network filter driver that blocks Baidu's DNS; thanks to my company's seniors for the ideas and guidance (☆14, Aug 19, 2021, updated 4 years ago)
- Proof-of-concept software for detecting AV/EDR hooks in Windows libraries (☆38, May 12, 2022, updated 3 years ago)
- Windows NTLM Authentication Backdoor (☆16, Jan 27, 2022, updated 4 years ago)
- ☆25, Jul 7, 2022, updated 3 years ago
- Demo showing how to write an ALPC client and server using native Ntdll.dll syscalls (☆21, Jan 25, 2022, updated 4 years ago)
- A repository filled with ideas to break/detect direct syscall techniques (☆26, Apr 21, 2022, updated 3 years ago)