huoji120 / numenView external linksLinks
简单安排一下 autochk.sys 这个rootkit
☆73Mar 7, 2023Updated 2 years ago
Alternatives and similar repositories for numen
Users that are interested in numen are comparing it to the libraries listed below
Sorting:
- Reverse engineered source code of the autochk rootkit☆208Nov 1, 2019Updated 6 years ago
- 利用物理内存映射,实现虚拟内存的伪隐藏☆86Sep 15, 2022Updated 3 years ago
- ☆17Apr 18, 2023Updated 2 years ago
- https://key08.com/index.php/2021/10/19/1375.html☆71May 11, 2022Updated 3 years ago
- Windows kernel drivers simple HTTP library for modern C++☆40Jul 12, 2018Updated 7 years ago
- Dump PDB Symbols including support for Bochs Debugging Format (with wine support)☆14Aug 11, 2023Updated 2 years ago
- Hook NtDeviceIoControlFile with PatchGuard☆107May 10, 2022Updated 3 years ago
- 编译时混淆字符串,以确保生成的二进制PE不会暴漏明文字符串。(C++ 14 及以上)☆29Sep 30, 2021Updated 4 years ago
- SysEye是一个window上的基于att&ck现代EDR设计思想的威胁响应工具.有效检测常见的未知威胁与已知威胁.防守方的利剑☆63Aug 23, 2022Updated 3 years ago
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Jan 25, 2022Updated 4 years ago
- 一款linux下的安全产品目的是满足个人安全需求有SSH爆破防护和SYN攻击扫描防护功能,基于netfilter,☆23Dec 2, 2023Updated 2 years ago
- 废物自救项目!一起向光而行!!!☆11May 7, 2022Updated 3 years ago
- Tiny driver patch to allow kernel callbacks to work on Win10 21h1☆34Feb 7, 2022Updated 4 years ago
- ☆56Nov 21, 2022Updated 3 years ago
- Walks through the 4-level paging structures in Windows x64☆13Feb 12, 2023Updated 3 years ago
- UnknownField is a tool based clang that obfuscating the order of fields to protect your C/C++ game or code.☆44Jan 21, 2023Updated 3 years ago
- ☆47Feb 3, 2025Updated last year
- ☆18Mar 28, 2023Updated 2 years ago
- Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL☆220Nov 12, 2020Updated 5 years ago
- 戎码之眼是一个window上的基于att&ck模型的威胁监控�工具.有效检测常见的未知威胁与已知威胁.防守方的利剑☆536Oct 25, 2023Updated 2 years ago
- ☆27Jan 4, 2024Updated 2 years ago
- Analyze Windows x64 Kernel Memory Layout☆129Nov 19, 2020Updated 5 years ago
- ☆193May 1, 2023Updated 2 years ago
- PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)☆167May 27, 2021Updated 4 years ago
- Use ntdll/ntoskrnl to implement Kernel32, Advapi32 and other APIs. It includes user-mode and kernel-mode.☆96Aug 26, 2025Updated 5 months ago
- 这篇文章的目的是介绍一款实验性项目基于COM命名管道或者Windows Hyper-V虚拟机Vmbus通道实现的运行在uefi上的windbg调试引擎开发心得☆44Jun 16, 2024Updated last year
- Rootkit & Anti-rootkit☆42Jan 27, 2024Updated 2 years ago
- Using NtCreateFile and NtDeviceIoControlFile to realize the function of winsock(利用NtCreateFile和NtDeviceIoControlFile 实现winsock的功能)☆127Sep 9, 2022Updated 3 years ago
- Monitor ETW events for Windows process mitigation policies, with stack traces☆31Oct 7, 2022Updated 3 years ago
- ☆225Feb 21, 2023Updated 2 years ago
- It's a kernel-based keylogger for Windows x86/x64.☆145Sep 18, 2022Updated 3 years ago
- 扫描以及恢复 r3hook 类☆10Aug 29, 2021Updated 4 years ago
- Some anti-sandbox codes, copy directly to strengthen your own ShellCode☆12Dec 26, 2022Updated 3 years ago
- ☆11Jun 24, 2024Updated last year
- Windows CIFS/SMB packet generation and SMB networking library☆12Aug 25, 2020Updated 5 years ago
- it's a driver injector or driver loader header lib(Windows)☆12Aug 5, 2023Updated 2 years ago
- Windows CVE主防(HIPS/HIDS)☆57Apr 29, 2021Updated 4 years ago
- query-pdb is a server-side software for parsing PDB files. The software provides PDB online parsing service.☆166Oct 27, 2025Updated 3 months ago
- 使用 Intel 虚拟化特性实现应用层HOOK☆65Sep 11, 2025Updated 5 months ago