Source files for my posts
☆17Jun 20, 2023Updated 2 years ago
Alternatives and similar repositories for Blog-Lab
Users that are interested in Blog-Lab are comparing it to the libraries listed below
Sorting:
- ☆33Dec 22, 2020Updated 5 years ago
- research revolving the windows filtering platform callout mechanism☆39May 26, 2024Updated last year
- Makes files super hidden on NTFS☆19Aug 14, 2014Updated 11 years ago
- Dll hijack -- just one macro☆12Jul 3, 2023Updated 2 years ago
- Simple command line tool to enumerate loaded WFP callout drivers☆10Feb 2, 2024Updated 2 years ago
- Port of Mandiant ShellcodeHashes plugin from IDA to BinaryNinja☆11Jul 24, 2024Updated last year
- Null-free shellcode for running calc.exe on Windows x64☆13Mar 24, 2024Updated last year
- A kernel mode Windows rootkit in development.☆49Dec 31, 2021Updated 4 years ago
- Unchain AMSI by patching the provider’s unmonitored memory space☆91Nov 24, 2022Updated 3 years ago
- havoc2nginx is a simple python script that converts Havoc Framework's yaotl malleable c2 profile to Nginx configuration file format. Most…☆12May 8, 2023Updated 2 years ago
- Code snippets to add on top of cobalt strike sleep mask to achieve patchless hook on AMSI and ETW☆86Mar 19, 2023Updated 2 years ago
- Source code on the 1.44MB 3.5 floppy accompanying the Windows NT File System Internals book.☆20Jul 31, 2019Updated 6 years ago
- ☆14Jul 12, 2024Updated last year
- ☆19Mar 9, 2021Updated 4 years ago
- Right-To-Left Override POC☆36Mar 21, 2022Updated 3 years ago
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP☆37Jul 27, 2021Updated 4 years ago
- Hooking Heavens Gate in a weekend☆13Jan 1, 2022Updated 4 years ago
- A Patchless AMSI Bypass Technique using VEH²☆30Jun 22, 2025Updated 8 months ago
- ☆13May 27, 2020Updated 5 years ago
- Detect the SCI in windows.☆11Mar 23, 2017Updated 8 years ago
- Some drivers I've written while solving exercises from Practical Reverse Engineering☆15Jan 9, 2022Updated 4 years ago
- Windows NTLM Authentication Backdoor☆16Jan 27, 2022Updated 4 years ago
- ☆20Mar 15, 2023Updated 2 years ago
- Nice try reading NTDLL from disk, nerd.☆19Apr 18, 2022Updated 3 years ago
- 正确解析 _HEAP_VS_***符号 ,支持在最新win11 24h2 运行,替换windbg自带的!pool命令☆17Nov 30, 2024Updated last year
- An example code of CiGetCertPublisherName☆17Mar 24, 2022Updated 3 years ago
- ☆17Apr 18, 2023Updated 2 years ago
- Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)☆16Sep 4, 2020Updated 5 years ago
- An easy way to convert BloodHound output files into data that can be imported into reporting software like Dradis and Plextrac. Built by …☆18Oct 15, 2020Updated 5 years ago
- Code Integrity Violation Spotter☆17Jun 11, 2024Updated last year
- freeBokuLoader fork which targets and frees Metsrv's initial reflective DLL package☆35Mar 28, 2023Updated 2 years ago
- Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries.☆38May 12, 2022Updated 3 years ago
- A research project about Windows notify routines.☆38Jul 31, 2020Updated 5 years ago
- A memory-based evasion technique which makes shellcode invisible from process start to end.☆16Aug 14, 2023Updated 2 years ago
- 基于WFP的小型网络过滤驱动,拦截百度的DNS,感谢公司前辈们的思路与指导。☆14Aug 19, 2021Updated 4 years ago
- Spawns a process from a process. Can sometimes be used to run a session > 0 process from session 0.☆20Jul 8, 2022Updated 3 years ago
- ☆17Oct 31, 2022Updated 3 years ago
- Illustrates the concept of return address spoofing, and how it is used.☆14May 13, 2020Updated 5 years ago
- Here is a collage of reverse engineering topics that I find interesting☆16Dec 10, 2017Updated 8 years ago