levanvn / APT32_Deobfuscate
My scripts to deobfuscate APT32 malware
☆26Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for APT32_Deobfuscate
- My conference presentations and Materials for them.☆32Updated 2 years ago
- Collection of slides☆33Updated 7 months ago
- Windows API Hashes used in the malwares☆40Updated 9 years ago
- Writeup and POC for CVE-2020-0753, CVE-2020-0754 and six fixed Window DOS Vulnerabilities.☆14Updated 4 years ago
- Weaponizing for Arbitrary Files/Directories Delete bugs to Get NT AUTHORITY\SYSTEM☆120Updated 4 years ago
- Proof of concept exploit of Windows Update Orchestrator Service Elevation of Privilege Vulnerability☆121Updated 4 years ago
- ☆44Updated 5 years ago
- Here is python script I wrote for deobfuscation APT32 sample.☆10Updated 3 years ago
- ☆129Updated 2 years ago
- ☆23Updated last year
- ☆12Updated 4 years ago
- An command-line RPC method enumerator, born out of RPCView's awesomeness☆99Updated 5 years ago
- PoC demonstrating the use of cve-2020-1034 for privilege escalation☆119Updated 3 years ago
- Public documents related to my talk "Bypass Windows Exploit Guard ASR" at Offensive Con 2019.☆93Updated 5 years ago
- Windows Common Log File System Driver POC☆94Updated 2 years ago
- A small utility to deal with malware embedded hashes.☆48Updated last year
- ☆22Updated 6 months ago
- WIP Emotet Control Flow Unflattening using miasm and radare2☆23Updated last year
- a State-Machine reversing exercise☆12Updated 3 years ago
- ☆49Updated 5 years ago
- Helper idapython code for reversing kmdf drivers☆67Updated 2 years ago
- Designed to learn OS specific anti-emulation patterns by fuzzing the Windows API.☆94Updated 4 years ago
- A collection of shellcode hashes☆17Updated 6 years ago
- Vulnerability analysis and proof of concepts☆32Updated last year
- IDA Pro plugin for recognizing known hashes of API function names☆82Updated 2 years ago
- ☆20Updated 4 years ago