Stars
An EDR bypass that prevents EDRs from hooking or loading DLLs into our process by hijacking the AppVerifier layer
Vulnerable driver research tool, results and exploit PoCs
An unsigned driver mapper for Windows 10 22H2 through Windows 11 23H2 that abuses the read/write IOCTLs exposed by PdFwKrnl to disable DSE and PatchGuard (PG) and map the unsigned driver.
Removes AV/EDR kernel callbacks: ObRegisterCallbacks, CmRegisterCallback, minifilter callbacks, PsSetCreateProcessNotifyRoutine, PsSetCreateThreadNotifyRoutine, PsSetLoadImageNotifyRoutine, ...
Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
canonical libwebsockets.org networking library
GBFR Logs lets you track damage statistics with a nice overlay DPS meter for Granblue Fantasy: Relink.
A BOF to determine Windows Defender exclusions.
A build of the original Mimikatz that works on Windows 11, with no edits other than the compatibility fixes
A remote administration tool based on gh0st: implements terminal management, process management, window management, remote desktop, file management, audio management, video management, service management, registry management and more; all code optimized and reorganized, memory-leak defects fixed, and the program runs stably. The project code is intended for learning and exchange purposes only.
A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to their server.
sSocks fork with Windows support; original: https://sourceforge.net/projects/ssocks/
Companion code for the Dark Vortex blog post: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/
SOCKS5 (RFC 1928) server/client operating in reverse mode on Windows
Computer security project using OpenSSL to authenticate a secure connection