Starred repositories
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
The Next Generation of Anti-Rootkit (ARK) tool for Windows.
An installation and update framework for Windows desktop apps
Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
Alternative Shellcode Execution Via Callbacks
Obfuscation library based on C++11/14 and metaprogramming
Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to keep it up-to-date.
Armariris (孤挺花) -- an LLVM obfuscation framework maintained by the Cryptography and Computer Security Lab of Shanghai Jiao Tong University
Extracting Clear Text Passwords from mstsc.exe using API Hooking.
Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
The BEST DLL Injector Library.
An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
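Cooolis-ms is a code execution tool that includes a Metasploit Payload Loader, a Cobalt Strike External C2 Loader, and Reflective DLL injection. It is positioned to evade static detection of the signatured code we are about to execute, helping red team members switch more quickly and conveniently from a web container environment to a C2 environment for further work.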
Tool to bypass LSA Protection (aka Protected Process Light)
Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.
Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)
UAC bypass for x64 Windows 7 - 11
Hijack DLL source code generator. Supports x86/x64.