awesome-windows-security-development

by howknows

136 Stars 93 Forks Last release: Not found MIT License 195 Commits 0 Releases

Forked from ExpLife/awesome-windows-kernel-security-development, but... he deleted it.

windows kernel driver with c++ runtime

  • https://github.com/ExpLife/DriverSTL
  • https://github.com/sysprogs/BazisLib
  • https://github.com/AmrThabet/winSRDF
  • https://github.com/sidyhe/dxx
  • https://github.com/zer0mem/libc
  • https://github.com/eladraz/XDK
  • https://github.com/vic4key/Cat-Driver
  • https://github.com/AndrewGaspar/km-stl
  • https://github.com/zer0mem/KernelProject
  • https://github.com/zer0mem/miniCommon
  • https://github.com/jackqk/mystudy
  • https://github.com/yogendersolanki91/Kernel-Driver-Example

dkom

  • https://github.com/nbqofficial/HideDriver
  • https://github.com/ZhuHuiBeiShaDiao/NewHideDriverEx
  • https://github.com/landhb/HideProcess
  • https://github.com/tfairane/DKOM
  • https://github.com/Sqdwr/HideDriver

ssdt hook

  • https://github.com/int0/ProcessIsolator
  • https://github.com/mrexodia/TitanHide (x64dbg Plugin)-(DragonQuestHero Suggest)
  • https://github.com/papadp/shd
  • https://github.com/bronzeMe/SSDTHookx64
  • https://github.com/s18leoare/Hackshield-Driver-Bypass
  • https://github.com/sincoder/hidedir
  • https://github.com/wyrover/HKkernelDbg
  • https://github.com/CherryZY/ProcessProtectModule
  • https://github.com/weixu8/RegistryMonitor
  • https://github.com/nmgwddj/Learn-Windows-Drivers

eat/iat/object/irp/iat hook

  • https://github.com/xiaomagexiao/GameDll
  • https://github.com/HollyDi/Ring0Hook
  • https://github.com/mgeeky/prc_xchk
  • https://github.com/tinysec/iathook
  • https://github.com/stevemk14ebr/PolyHook

inline hook

  • https://github.com/VideoCardGuy/HideProcessInTaskmgr
  • https://github.com/MalwareTech/FstHook
  • https://github.com/Menooker/FishHook
  • https://github.com/G-E-N-E-S-I-S/latebros
  • https://bbs.pediy.com/thread-214582.htm

inject technique

  • https://github.com/VideoCardGuy/X64Injector
  • https://github.com/papadp/reflective-injection-detection (InjectFromMemory)
  • https://github.com/psmitty7373/eif (InjectFromMemory)
  • https://github.com/rokups/ReflectiveLdr (InjectFromMemory)
  • https://github.com/BenjaminSoelberg/ReflectivePELoader (InjectFromMemory)
  • https://github.com/NtRaiseHardError/Phage (InjectFromMemory)
  • https://github.com/dismantl/ImprovedReflectiveDLLInjection (InjectFromMemory)
  • https://github.com/CylanceVulnResearch/ReflectiveDLLRefresher (InjectFromMemory)
  • https://github.com/amishsecurity/paythepony (InjectFromMemory)
  • https://github.com/deroko/activationcontexthook
  • https://github.com/georgenicolaou/HeavenInjector
  • https://github.com/tinysec/runwithdll
  • https://github.com/NtOpcode/NT-APC-Injector
  • https://github.com/caidongyun/WinCodeInjection
  • https://github.com/countercept/doublepulsar-usermode-injector
  • https://github.com/mq1n/DLLThreadInjectionDetector
  • https://github.com/hkhk366/MemoryCodesInjection
  • https://github.com/chango77747/ShellCodeInjector_MsBuild
  • https://github.com/Zer0Mem0ry/ManualMap
  • https://github.com/secrary/InfectPE
  • https://github.com/zodiacon/DllInjectionWithThreadContext
  • https://github.com/NtOpcode/RtlCreateUserThread-DLL-Injection
  • https://github.com/hasherezade/chimera_loader
  • https://github.com/Ciantic/RemoteThreader
  • https://github.com/OlSut/Kinject-x64
  • https://github.com/tandasat/RemoteWriteMonitor
  • https://github.com/stormshield/Beholder-Win32
  • https://github.com/secrary/InjectProc
  • https://github.com/AzureGreen/InjectCollection
  • https://github.com/uItra/Injectora
  • https://github.com/rootm0s/Injectors
  • https://github.com/Spajed/processrefund
  • https://github.com/al-homedawy/InjecTOR
  • https://github.com/yifiHeaven/MagicWall

load Dll from memory

  • https://github.com/fancycode/MemoryModule
  • https://github.com/strivexjun/MemoryModulePP

process hollowing

  • https://github.com/Spajed/processrefund
  • https://github.com/KernelMode/Process_Doppelganging
  • https://github.com/hasherezade/process_doppelganging
  • https://github.com/m0n0ph1/Process-Hollowing
  • https://github.com/KernelMode/RunPE-ProcessHollowing
  • https://github.com/KernelMode/RunPE_Detecter

pe loader

  • https://github.com/VideoCardGuy/PELoader

dll to shellcode

  • https://github.com/w1nds/dll2shellcode

hide & delete dll

  • https://github.com/wyyqyl/HideModule

load driver from memory

  • https://github.com/Professor-plum/Reflective-Driver-Loader

hook engine

  • https://github.com/Ilyatk/HookEngine
  • https://github.com/zyantific/zyan-hook-engine
  • https://github.com/martona/mhook
  • https://github.com/EasyHook/EasyHook
  • https://github.com/RelicOfTesla/Detours

callback

  • https://github.com/JKornev/hidden
  • https://github.com/binbibi/CallbackEx
  • https://github.com/swwwolf/cbtest
  • https://github.com/nmgwddj/Learn-Windows-Drivers
  • https://github.com/SamLarenN/CallbackDisabler

minifilter

  • https://github.com/aleksk/LazyCopy
  • https://github.com/guidoreina/minivers
  • https://github.com/idkwim/mfd
  • https://github.com/Coxious/Antinvader
  • https://github.com/tandasat/Scavenger
  • https://github.com/fishfly/X70FSD
  • https://github.com/ExpLife/BKAV.Filter

virtual disk

  • https://github.com/zhaozhongshu/winvblock_vs
  • https://github.com/yogendersolanki91/Kernel-Driver-Example

virtual file system

  • https://github.com/ExpLife/CodeUMVFS
  • https://github.com/yogendersolanki91/ProcessFileSystem
  • https://github.com/BenjaminKim/dokanx

lpc

  • https://github.com/avalon1610/LPC

alpc

  • https://github.com/avalon1610/ALPC

lsp

  • https://github.com/AnwarMohamed/Packetyzer

afd

  • https://github.com/xiaomagexiao/GameDll
  • https://github.com/DeDf/afd
  • https://github.com/a252293079/NProxy

tdi

  • https://github.com/Sha0/winvblock
  • https://github.com/michael4338/TDI
  • https://github.com/cullengao/tdi_monitor
  • https://github.com/uniking/TDI-Demo
  • https://github.com/codereba/netmon

wfp

  • https://github.com/basil00/Divert
  • https://github.com/WPO-Foundation/win-shaper
  • https://github.com/raymon-tian/WFPFirewall
  • https://github.com/henrypp/simplewall
  • https://docs.microsoft.com/zh-cn/windows-hardware/drivers/network/porting-packet-processing-drivers-and-apps-to-wfp
  • https://github.com/thecybermind/ipredir
  • https://github.com/RmzVoid/RMZSol
  • https://github.com/BrunoMCBraga/Kernel-Whisperer
  • https://github.com/KBancerz/kkvpn_driver
  • https://github.com/JaredWright/WFPStarterKit

ndis

  • https://github.com/zy520321/ndis-filter
  • https://github.com/yuanmaomao/NDIS_Firewall
  • https://github.com/SoftEtherVPN/Win10Pcap
  • https://github.com/IsoGrid/NdisProtocol
  • https://github.com/lcxl/lcxl-net-loader
  • https://www.ntkernel.com/windows-packet-filter/
  • https://github.com/michael4338/NDIS
  • https://github.com/IAmAnubhavSaini/ndislwf
  • https://github.com/OpenVPN/tap-windows6
  • https://github.com/SageAxcess/pcap-ndis6
  • https://github.com/uniking/NDIS-Demo
  • https://github.com/mkdym/NDISDriverInst
  • https://github.com/debugfan/packetprot
  • https://github.com/Iamgublin/NDIS6.30-NetMonitor
  • https://github.com/nmap/npcap
  • https://github.com/Ltangjian/FireWall
  • https://github.com/Microsoft/Windows-driver-samples/tree/master/network/config/bindview
  • https://github.com/brorica/http_inject (winpcap)

wsk

  • https://github.com/reinhardvz/wsk
  • https://github.com/akayn/kbMon
  • https://github.com/02strich/audionet
  • https://github.com/mestefy/securityplus
  • https://github.com/skycipher/CNGProvider

rootkits

  • https://github.com/HoShiMin/EnjoyTheRing0
  • https://github.com/hfiref0x/ZeroAccess
  • https://github.com/hackedteam/driver-win32
  • https://github.com/hackedteam/driver-win64
  • https://github.com/csurage/Rootkit
  • https://github.com/bowlofstew/rootkit.com
  • https://github.com/Nervous/GreenKit-Rootkit
  • https://github.com/bytecode-77/r77-rootkit
  • https://github.com/Cr4sh/WindowsRegistryRootkit
  • https://github.com/Alifcccccc/Windows-Rootkits
  • https://github.com/Schnocker/NoEye
  • https://github.com/christian-roggia/open-myrtus
  • https://github.com/Cr4sh/DrvHide-PoC
  • https://github.com/mstefanowich/SquiddlyDiddly2
  • https://github.com/MalwareTech/FakeMBR
  • https://github.com/Cr4sh/PTBypass-PoC
  • https://github.com/psaneme/Kung-Fu-Malware
  • https://github.com/hasherezade/persistence_demos
  • https://github.com/MinhasKamal/TrojanCockroach
  • https://github.com/akayn/kbMon
  • https://github.com/hm200958/kmdf--analyse

mbr

  • https://github.com/Cisco-Talos/MBRFilter

bootkits

  • https://github.com/DeviceObject/rk2017
  • https://github.com/DeviceObject/ChangeDiskSector
  • https://github.com/DeviceObject/Uefi_HelloWorld
  • https://github.com/DeviceObject/ShitDrv
  • https://github.com/DeviceObject/DarkCloud
  • https://github.com/nyx0/Rovnix
  • https://github.com/MalwareTech/TinyXPB
  • https://github.com/m0n0ph1/Win64-Rovnix-VBR-Bootkit
  • https://github.com/NextSecurity/Gozi-MBR-rootkit
  • https://github.com/NextSecurity/vector-edk
  • https://github.com/ahixon/booty

uefi/smm

  • https://github.com/DeviceObject/Uefi_HelloWorld
  • https://github.com/LongSoft/UEFITool
  • https://github.com/dude719/UEFI-Bootkit
  • https://github.com/quarkslab/dreamboot
  • https://github.com/gyje/BIOS_Rootkit
  • https://github.com/scumjr/the-sea-watcher
  • https://github.com/zhuyue1314/stoned-UEFI-bootkit
  • https://github.com/hackedteam/vector-edk
  • https://github.com/Cr4sh/SmmBackdoor
  • https://github.com/Cr4sh/PeiBackdoor
  • https://github.com/Cr4sh/fwexpl

smc

  • https://github.com/marcusbotacin/Self-Modifying-Code

anti debug

  • https://github.com/strivexjun/XAntiDebug
  • https://github.com/marcusbotacin/Anti.Analysis
  • https://github.com/LordNoteworthy/al-khaser
  • https://github.com/eschweiler/ProReversing

malware

  • https://github.com/mwsrc/XtremeRAT
  • https://github.com/mwsrc/Schwarze-Sonne-RAT (delphi)
  • https://github.com/Mr-Un1k0d3r/ThunderShell (powershell)
  • https://github.com/DimChris0/LoRa
  • https://github.com/marcusbotacin/Malware.Multicore
  • https://github.com/bxlcity/malware
  • https://github.com/grcasanova/SuperVirus
  • https://github.com/hackedteam/core-win32
  • https://github.com/hackedteam/scout-win
  • https://github.com/hackedteam/vector-dropper

malware analysis

  • https://github.com/kevthehermit/RATDecoders
  • https://github.com/marcusbotacin/Malware.Variants
  • https://github.com/marcusbotacin/Hardware-Assisted-AV
  • https://github.com/gentilkiwi/spectre_meltdown
  • https://github.com/gentilkiwi/wanadecrypt
  • https://github.com/bloomer1016
  • https://github.com/CHEF-KOCH/malware-research
  • https://github.com/gentilkiwi/wanakiwi

arktools

  • https://github.com/marcusbotacin/BranchMonitoringProject
  • https://github.com/AzureGreen/ArkProtect
  • https://github.com/AzureGreen/ArkToolDrv
  • https://github.com/HollyDi/PCAssistant
  • https://github.com/ChengChengCC/Ark-tools
  • https://github.com/swatkat/arkitlib
  • https://github.com/swwwolf/wdbgark
  • https://github.com/zibility/Anti-Rootkits
  • https://github.com/SLAUC91/AntiCheat
  • https://github.com/sincoder/A-Protect
  • https://github.com/apriorit/antirootkit-anti-splicer
  • https://github.com/kedebug/ScDetective
  • https://github.com/PKRoma/ProcessHacker
  • https://github.com/AndreyBazhan/DbgExt
  • https://github.com/comaeio/SwishDbgExt
  • https://github.com/ExpLife/atomic-red-team
  • https://github.com/shenghe/pcmanager
  • https://github.com/lj1987new/guardlite
  • https://github.com/hackshields/antivirus/
  • https://github.com/AntiRootkit/BDArkit

bypass patchguard

  • https://github.com/hfiref0x/UPGDSED
  • https://github.com/tandasat/PgResarch
  • https://github.com/killvxk/DisableWin10PatchguardPoc
  • https://github.com/tandasat/findpg
  • https://github.com/zer0mem/HowToBoostPatchGuard
  • https://bbs.pediy.com/thread-214582.htm

bypass dse

  • https://github.com/hfiref0x/TDL
  • https://github.com/hfiref0x/DSEFix

HackSysExtremeVulnerableDriver

  • https://github.com/mgeeky/HEVDKernelExploit
  • https://www.fuzzysecurity.com/tutorials.html
  • https://rootkits.xyz/blog/
  • https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
  • https://github.com/k0keoyo/HEVD-Double-Free-PoC
  • https://github.com/k0keoyo/HEVD-Arbitrary-Overwrite-Exploit-Win10-rs3
  • https://github.com/tekwizz123/HEVD-Exploit-Solutions
  • https://github.com/k0keoyo/try_exploit
  • https://github.com/Cn33liz/HSEVD-VariousExploits
  • https://github.com/Cn33liz/HSEVD-StackOverflow
  • https://github.com/Cn33liz/HSEVD-StackOverflowX64
  • https://github.com/Cn33liz/HSEVD-StackCookieBypass
  • https://github.com/Cn33liz/HSEVD-ArbitraryOverwriteGDI
  • https://github.com/Cn33liz/HSEVD-StackOverflowGDI
  • https://github.com/Cn33liz/HSEVD-ArbitraryOverwriteLowIL
  • https://github.com/Cn33liz/HSEVD-ArbitraryOverwrite
  • https://github.com/akayn/demos

windows kernel exploits

  • https://github.com/JeremyFetiveau/Exploits
  • https://github.com/hfiref0x/Stryker
  • https://github.com/swwwolf/obderef
  • https://github.com/k0keoyo/CVE-2017-0038-EXP-C-JS
  • https://github.com/cbayet/PoolSprayer
  • https://github.com/k0keoyo/Vir.IT-explorer-Anti-Virus-Null-Pointer-Reference-PoC
  • https://github.com/k0keoyo/Driver-Loaded-PoC
  • https://github.com/k0keoyo/try_exploit
  • https://github.com/k0keoyo/CVE-2015-2546-Exploit
  • https://github.com/k0keoyo/DarkCompositioncasestudyInteger_Overflow
  • https://github.com/tinysec/vulnerability
  • https://github.com/akayn/demos
  • https://github.com/abatchy17/WindowsExploits
  • https://github.com/recodeking/WindowsExploitation
  • https://github.com/GDSSecurity/Windows-Exploit-Suggester
  • https://github.com/rwfpl/rewolf-pcausa-exploit
  • https://github.com/ratty3697/HackSpy-Trojan-Exploit
  • https://github.com/SecWiki/windows-kernel-exploits
  • https://github.com/sensepost/ms16-098
  • https://github.com/shjalayeri/sysret
  • https://github.com/sam-b/windowskernelresources
  • https://github.com/sensepost/gdi-palettes-exp
  • https://github.com/ExpLife/ByPassCfg
  • https://github.com/Rootkitsmm/WinIo-Vidix
  • https://github.com/andrewkabai/vulnwindrv
  • https://github.com/mwrlabs/CVE-2016-7255
  • https://github.com/MarkHC/HandleMaster
  • https://github.com/SamLarenN/CapcomDKOM
  • https://github.com/zerosum0x0/puppetstrings
  • https://github.com/zerosum0x0/ShellcodeDriver
  • https://github.com/progmboy/kernelvulpoc
  • https://github.com/rwfpl/rewolf-msi-exploit
  • https://github.com/Rootkitsmm/Win10Pcap-Exploit
  • https://github.com/Rootkitsmm/MS15-061
  • https://github.com/Rootkitsmm/cve-2016-0040
  • https://github.com/Rootkitsmm/CVEXX-XX
  • https://github.com/Trietptm-on-Security/bug-free-adventure
  • https://github.com/sam-b/CVE-2014-4113
  • https://github.com/Rootkitsmm/OpenVpn-Pool-Overflow
  • https://github.com/Rootkitsmm/UnThreatAVDriver-DOS
  • https://github.com/Cr4sh/ThinkPwn
  • https://github.com/hfiref0x/CVE-2015-1701
  • https://github.com/tyranid/windows-logical-eop-workshop
  • https://github.com/google/sandbox-attacksurface-analysis-tools
  • https://github.com/tyranid/ExploitRemotingService
  • https://github.com/tyranid/DeviceGuardBypasses
  • https://github.com/tyranid/ExploitDotNetDCOM
  • https://github.com/hatRiot/token-priv(EOP)
  • https://github.com/weizn11/MS17010_AllInOne
  • https://github.com/TeskeVirtualSystem/MS17010Test

office exploit

  • https://github.com/rxwx/CVE-2017-8570

flash exploit

  • https://github.com/brianwrf/CVE-2017-4878-Samples

sandbox escape

  • https://github.com/SilverMoonSecurity/SandboxEvasion
  • https://github.com/exAphex/SandboxEscape
  • https://github.com/Fel0ny/Sandbox-Detection
  • https://github.com/CheckPointSW/InviZzzible
  • https://github.com/MalwareTech/AppContainerSandbox
  • https://github.com/tyranid/IE11SandboxEscapes
  • https://github.com/649/Chrome-Sandbox-Exploit
  • https://github.com/google/sandbox-attacksurface-analysis-tools
  • https://github.com/conix-security/zer0m0n
  • https://github.com/iceb0y/windows-container
  • https://github.com/s7ephen/SandKit
  • https://github.com/D4Vinci/Dr0p1t-Framework
  • https://github.com/cryptolok/MorphAES
  • https://github.com/mtalbi/vm_escape
  • https://github.com/unamer/vmware_escape
  • https://github.com/erezto/lua-sandbox-escape
  • https://github.com/brownbelt/Edge-sandbox-escape
  • https://github.com/shakenetwork/vmware_escape
  • https://github.com/Cr4sh/prlguestto_host

cve

  • https://github.com/LiuCan01/cve-list-pro
  • https://github.com/CVEProject/cvelist

hips

  • https://github.com/0xdabbad00/OpenHIPS
  • https://github.com/ExpLife/NortonAntiVirusSourceCode
  • https://github.com/majian55555/MJAntiVirusEngine
  • https://github.com/develbranch/TinyAntivirus
  • https://github.com/tandasat/EopMon
  • https://github.com/tandasat/MemoryMon

vt

  • https://github.com/marche147/IoctlMon
  • https://github.com/ionescu007/SimpleVisor
  • https://github.com/zer0mem/MiniHyperVisorProject
  • https://github.com/zer0mem/ShowMeYourGongFu
  • https://github.com/zer0mem/HyperVisor
  • https://github.com/marche147/SimpleVT
  • https://github.com/DarthTon/HyperBone
  • https://github.com/nick-kvmhv/splittlb
  • https://github.com/zareprj/Vmx_Prj
  • https://github.com/ZhuHuiBeiShaDiao/MiniVTx64
  • https://github.com/tandasat/HyperPlatform
  • https://github.com/hzqst/Syscall-Monitor
  • https://github.com/asamy/ksm
  • https://github.com/in12hacker/VT64EPT
  • https://github.com/ZhuHuiBeiShaDiao/PFHook
  • https://github.com/tandasat/FU_Hypervisor
  • https://github.com/tandasat/DdiMon
  • https://github.com/tandasat/GuardMon
  • https://github.com/yqsy/VT_demo
  • https://github.com/OkazakiNagisa/VTbasedDebuggerWin7
  • https://github.com/Ouroboros/JuusanKoubou
  • https://github.com/aaa1616/Hypervisor
  • https://github.com/Nukem9/VirtualDbg
  • https://github.com/Nukem9/VirtualDbgHide
  • https://github.com/cheat-engine/cheat-engine
  • https://github.com/Kelvinhack/kHypervisor

fuzzer

  • https://github.com/bee13oy/AVKernelVulns/tree/master/Zer0Con2017
  • https://github.com/k0keoyo/kDriver-Fuzzer (Paper:https://whereisk0shl.top/post/2018-01-30)
  • https://github.com/koutto/ioctlbf
  • https://github.com/Cr4sh/ioctlfuzzer
  • https://github.com/Cr4sh/MsFontsFuzz
  • https://github.com/hfiref0x/NtCall64
  • https://github.com/Rootkitsmm/Win32k-Fuzzer
  • https://github.com/mwrlabs/KernelFuzzer
  • https://github.com/SignalSEC/kirlangic-ttf-fuzzer
  • https://github.com/demi6od/SmashingTheBrowser
  • https://github.com/marche147/IoctlMon
  • https://github.com/k0keoyo/Some-Kernel-Fuzzing-Paper

emet

  • https://github.com/codingtest/EMET

hotpatch

  • https://github.com/codingtest/windows_hotpatch

game hack

  • https://github.com/DreamHacks/dreamdota
  • https://github.com/yoie/NGPlug-in
  • https://github.com/DevelopKits/proj
  • https://github.com/VideoCardGuy/ExpTool_GUI
  • https://github.com/VideoCardGuy/Zhihu_SimpleLog
  • https://github.com/VideoCardGuy/NewYuGiOhCheatDLLx64
  • https://github.com/VideoCardGuy/Tetris
  • https://github.com/VideoCardGuy/YuGiOh
  • https://github.com/VideoCardGuy/SnakeAI
  • https://github.com/VideoCardGuy/gitAsktao
  • https://github.com/VideoCardGuy/War3Cheat
  • https://github.com/VideoCardGuy/AStar_Study
  • https://github.com/VideoCardGuy/BnsChina_SetSpeed
  • https://github.com/VideoCardGuy/LOLProjects
  • https://github.com/VideoCardGuy/PictureMatchGame
  • https://github.com/VideoCardGuy/AutoLoginByBnsChina
  • https://github.com/VideoCardGuy/MemoryWatchTool
  • https://github.com/VideoCardGuy/LOL_China
  • https://github.com/mlghuskie/NoBastian
  • https://github.com/G-E-N-E-S-I-S/BattlegroundsChams
  • https://github.com/luciouskami/XignCode3Bypass
  • https://github.com/luciouskami/CS-GO-Simple-Hack
  • https://github.com/luciouskami/load-self-mix
  • https://github.com/Karaulov/WarcraftIIIDLL126-127
  • https://github.com/TonyZesto/PubgPrivXcode85
  • https://github.com/luciouskami/gameguard-for-war3
  • https://github.com/PopcornEgg/LOLChangeSkin
  • https://github.com/ValveSoftware/ToGL
  • https://github.com/Karaulov/War3-SizeLimit-Bypass
  • https://github.com/F7eak/Xenon
  • https://github.com/syj2010syj/All-Star-Battle-2

symbolic execution

  • https://github.com/illera88/Ponce
  • https://github.com/gaasedelen/lighthouse

deobfuscation

  • https://github.com/SCUBSRGroup/OLLVM_Deobfuscation

taint analyse

  • https://github.com/SCUBSRGroup/Taint-Analyse

bin diff

  • https://www.zynamics.com/bindiff.html
  • https://github.com/joxeankoret/diaphora
  • https://github.com/ExpLife/binarydiffer
  • https://github.com/ExpLife/patchdiff2_ida6
  • https://github.com/ExpLife/patchdiff2

x64dbg plugin

  • https://github.com/mrexodia/TitanHide
  • https://github.com/x64dbg/InterObfu
  • https://github.com/x64dbg/ScyllaHide
  • https://github.com/Nukem9/SwissArmyKnife
  • https://github.com/x64dbg/x64dbg/wiki/Plugins

windbg plugin

  • https://github.com/VincentSe/WatchTrees

ida script & plugin

  • https://github.com/mwrlabs/windriverplugin
  • https://github.com/igogo-x86/HexRaysPyTools
  • https://github.com/techbliss/Python_editor
  • https://github.com/tmr232/Sark
  • http://sark.readthedocs.io/en/latest/debugging.html
  • https://bbs.pediy.com/thread-224627.htm (wing debugging idapython script)

rpc

  • https://github.com/gentilkiwi/basic_rpc

hash dump

  • https://github.com/gentilkiwi/mimikatz

auxiliary lib

  • https://github.com/David-Reguera-Garcia-Dreg/auxlib

ring3 nt api

  • https://github.com/Chuyu-Team/NativeLib

dll hijack

  • https://github.com/strivexjun/AheadLib-x86-x64

winpcap

  • https://github.com/klemenb/fiddly
  • http://blog.csdn.net/Ni9htMar3/article/details/54612394
  • https://www.cnblogs.com/xcj26/articles/6073411.html
  • http://www.freebuf.com/articles/system/103526.html
  • https://github.com/illahaha/zxarps (arpcheat)
  • https://github.com/sincoder/zxarps (arpcheat)

metasploit

  • https://github.com/NytroRST/NetRipper
  • https://github.com/breenmachine/RottenPotatoNG

shadow

  • https://github.com/lcxl/lcxl-shadow

http

  • https://github.com/OlehKulykov/libnhr
  • https://github.com/erickutcher/httpdownloader

https proxy

  • https://github.com/killbug2004/HttpsProxy
  • https://github.com/erickutcher/httpproxy

mitm

  • https://github.com/liuyufei/SSLKiller
  • http://blog.csdn.net/Tencent_Bugly/article/details/72626127
  • https://github.com/pfussell/pivotal

json

  • https://github.com/marcusbotacin/MyJSON

awesome

  • https://github.com/sam-b/windowskernelresources
  • https://github.com/EbookFoundation/free-programming-books
  • https://github.com/justjavac/free-programming-books-zh_CN
  • https://github.com/rmusser01/Infosec_Reference/
  • https://github.com/jshaw87/Cheatsheets
  • https://github.com/RPISEC/MBE

windows Driver Kit ddi (device driver interface) documentation

  • https://docs.microsoft.com/zh-cn/windows-hardware/drivers/ddi/
  • https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/windbg-scripting-preview

windbg preview & jsprovider

  • http://doar-e.github.io/blog/2017/12/01/debugger-data-model/

vm

  • https://github.com/tboox/vm86

tools

  • http://www.softpedia.com/get/Programming/Debuggers-Decompilers-Dissasemblers/

nsa security tools

  • https://github.com/exploitx3/FUZZBUNCH
  • https://github.com/fuzzbunch/fuzzbunch
  • https://github.com/peterpt/fuzzbunch

apt

  • https://github.com/CyberMonitor/APTCyberCriminalCampagin_Collections
  • https://github.com/kbandla/APTnotes
  • https://attack.mitre.org/wiki/Groups
  • https://github.com/fdiskyou/threat-INTel

3rd party library

  • https://github.com/GiovanniDicanio/WinReg
  • https://github.com/GiovanniDicanio/StopwatchWin32
  • https://github.com/Wintellect/ProcMonDebugOutput
  • https://github.com/GiovanniDicanio/ReadStringsFromRegistry
  • https://github.com/GiovanniDicanio/Utf8ConvAtlStl
  • https://github.com/GiovanniDicanio/StringPool
  • https://github.com/GiovanniDicanio/MapWithCaseInsensitiveStringKey
  • https://github.com/GiovanniDicanio/SafeArraySamples
  • https://github.com/GiovanniDicanio/TestSSO
  • https://github.com/GiovanniDicanio/DoubleNulTerminatedString
  • https://github.com/GiovanniDicanio/LoadingCedictBenchmarkCpp
  • https://github.com/GiovanniDicanio/TestStringSorting
  • https://github.com/GiovanniDicanio/UnicodeConversions
  • https://github.com/GiovanniDicanio/TestStringsAtlVsStl
  • https://github.com/GiovanniDicanio/UnicodeConversionAtl
  • https://github.com/GiovanniDicanio/StlVectorVsListPerformance

miscellaneous

  • https://github.com/gaozan198912/myproject
  • https://github.com/k0keoyo/ntoskrnl-symbol-pdb-and-undocument-structures
  • https://github.com/gentilkiwi/p11proxy
  • https://github.com/gentilkiwi/kekeo
  • https://github.com/ExpLife/ByPassCfg
  • https://github.com/hfiref0x/SXSEXP
  • https://github.com/hfiref0x/VBoxHardenedLoader
  • https://github.com/hfiref0x/SyscallTables
  • https://github.com/hfiref0x/WinObjEx64
  • https://github.com/Cr4sh/DbgCb
  • https://github.com/Cr4sh/s6pciemicroblaze
  • https://github.com/ionescu007/SpecuCheck
  • https://github.com/ionescu007/lxss
  • https://github.com/intel/haxm
  • https://github.com/akayn/Resources
  • https://github.com/DarthTon/SecureEraseWin
  • https://github.com/DarthTon/Xenos
  • https://github.com/hfiref0x/UACME
  • https://github.com/DarthTon/Blackbone
  • https://github.com/tinysec/windows-syscall-table
  • https://github.com/tinysec/jsrt
  • https://github.com/zodiacon/DriverMon
  • https://github.com/zodiacon/GflagsX
  • https://github.com/zodiacon/PEExplorer
  • https://github.com/zodiacon/KernelExplorer
  • https://github.com/zodiacon/AllTools
  • https://github.com/zodiacon/WindowsInternals
  • https://github.com/hackedteam/vector-silent
  • https://github.com/hackedteam/core-packer
  • https://github.com/hackedteam/vector-recover
  • https://github.com/k33nteam/cc-shellcoding
  • https://github.com/rwfpl/rewolf-wow64ext
  • https://github.com/rwfpl/rewolf-x86-virtualizer
  • https://github.com/rwfpl/rewolf-gogogadget
  • https://github.com/rwfpl/rewolf-dllpackager
  • https://github.com/Microsoft/ChakraCore
  • https://github.com/google/symboliclink-testing-tools
  • https://github.com/ptresearch/IntelME-JTAG
  • https://github.com/smourier/TraceSpy
  • https://github.com/G-E-N-E-S-I-S/tasklist-brutus
  • https://github.com/G-E-N-E-S-I-S/token_manipulation
  • https://github.com/jjzhang166/sdk
  • https://github.com/killswitch-GUI/HotLoad-Driver
  • https://github.com/killswitch-GUI/minidump-lib
  • https://github.com/killswitch-GUI/win32-named-pipes-example
  • https://github.com/Kelvinhack/ScreenCapAttack
  • https://github.com/tyranid/oleviewdotnet
  • https://github.com/tyranid/CANAPE.Core
  • https://github.com/tyranid/DotNetToJScript

slides

  • https://keenlab.tencent.com/zh

blogs

  • http://www.diting0x.com/
  • http://lotabout.me/archives/ (write a c interpreter)
  • http://2997ms.com/2016/10/09/2016/2016-9%E6%9C%88-%E5%90%AD%E5%93%A7%E5%92%94%E5%93%A7/
  • http://www.trueai.cn/
  • https://whereisk0shl.top
  • https://www.anquanke.com/post/id/97245
  • https://lifeinhex.com
  • https://vallejo.cc/2017/11/18/installation-and-first-contact-with-the-new-windbg/
  • http://www.vxjump.net/
  • https://channel9.msdn.com/Shows/Defrag-Tools
  • http://windbg.info/
  • http://windbg.org/
  • https://msdn.microsoft.com/en-us/library/windows/hardware/ff553217(v=vs.85).aspx
  • http://www.andreybazhan.com/
  • https://blogs.technet.microsoft.com/markrussinovich/
  • http://undocumented.ntinternals.net/
  • http://j00ru.vexillium.org/
  • https://sysprogs.com/
  • http://www.rohitab.com/
  • https://sww-it.ru/
  • http://blogs.microsoft.co.il/pavely/
  • https://www.corelan.be/
  • http://tombkeeper.blog.techweb.com.cn/
  • http://www.zer0mem.sk/
  • http://blog.rewolf.pl/blog/
  • http://www.alex-ionescu.com/
  • http://blog.cr4.sh/
  • https://rootkits.xyz/
  • https://ixyzero.com/blog/archives/3543.html
  • https://whereisk0shl.top/
  • http://www.triplefault.io/2017/09/enumerating-process-thread-and-image.html
  • http://doar-e.github.io/blog/2017/12/01/debugger-data-model/
  • https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugging-using-windbg-preview
  • https://blog.xpnsec.com/
  • https://www.fireeye.com/blog/threat-research/2018/01/simplifying-graphs-in-ida.html
  • http://gosecure.net/2018/01/10/vmware-horizon-v4h-v4pa-desktop-agent-privilege-escalation-vulnerability-cve-2017-4946/
  • http://www.msreverseengineering.com/blog/2018/1/23/a-walk-through-tutorial-with-code-on-statically-unpacking-the-finspy-vm-part-one-x86-deobfuscation

web security research site

  • https://www.sec-wiki.com
  • https://www.anquanke.com/
  • http://xuanwulab.github.io/cn/secnews/2018/02/08/index.html
  • http://www.vxjump.net/
  • https://www.pediy.com/
  • https://navisec.it/

development documents

  • http://devdocs.io/
  • https://zealdocs.org/

docker

  • http://dockone.io/search/q-RG9ja09uZeaKgOacr+WIhuS6qw==#articles

leaked source code

  • https://github.com/pustladi/Windows-2000
  • https://github.com/killbug2004/NT4.0SourceCode
  • https://github.com/pustladi/TrueCrypt-7.2
  • https://github.com/pustladi/MS-DOS-v.1.1
  • https://github.com/pustladi/MS-DOS-v.2.0

crypto api

  • https://github.com/maldevel/AES256
  • https://github.com/wbenny/mini-tor
  • https://github.com/wyrover/CryptoAPI-examples
  • https://github.com/fmuecke/CryptoApi
  • https://github.com/ViartX/CacheCrypto
  • https://github.com/Deerenaros/CryptoAPIWrapper
  • https://github.com/maldevel/SHA256
  • https://github.com/13g10n/crypto

ascii banner

  • http://www.network-science.de/ascii/
  • http://www.degraeve.com/img2txt.php

book code

  • https://github.com/yifengyou/32to64
  • https://github.com/elephantos/elephant
  • https://github.com/yifengyou/Android-software-security-and-reverse-analysis
  • https://github.com/yifengyou/Code-virtualization-and-automation-analysis
  • https://github.com/yifengyou/Software-protection-and-analysis-techniques---principles-and-practices
  • https://github.com/yifengyou/X86-assembly-language-from-real-mode-to-protection-mode
