zet235/black-hat-cpp
Black Hat C++

The Things About C++

Design Patterns

Bit Flags

JSON

Network

  • cpp-httplib - A C++ header-only HTTP/HTTPS server and client library
  • cpr - Curl for People, a spiritual port of Python Requests.
  • oatpp - Light and powerful C++ web framework

GUI

  • imgui - Bloat-free Graphical User interface for C++ with minimal dependencies

Security

Detector

  • memhunter - Live hunting of code injection techniques
  • pe-sieve - Recognizes and dumps a variety of potentially malicious implants
  • hollows hunter - Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches).
  • BLUESPAWN - An Active Defense and EDR software to empower Blue Teams
  • CobaltStrikeDetected - Detects most CobaltStrike shellcode in 40 lines of code

Memory Hacking

  • Blackbone - Windows memory hacking library
  • herpaderping - bypasses security products by obscuring the intentions of a process
  • pinjectra - Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques
  • PowerLoaderEx - PowerLoaderEx - Advanced Code Injection Technique for x32 / x64
  • FunctionStomping - A new shellcode injection technique. Given as C++ header, standalone Rust program or library.

Anti

  • al-khaser - Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
  • gargoyle - A memory scanning evasion technique
  • anti-sandbox - A summary of methods for countering sandboxes and virtual machines on Windows
  • makin - reveal anti-debugging and anti-VM tricks
  • obfusheader.h - portable header file for C++14 compile-time obfuscation

Windows API

  • wow64pp - A modern c++ implementation of windows heavens gate
  • SysWhispers - AV/EDR evasion via direct system calls.
  • SysWhispers2 - AV/EDR evasion via direct system calls.
  • HWSyscalls - execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP
  • CallObfuscator - Obfuscate specific windows apis with different apis
  • UnhookMe - A universal Windows API resolver and unhooker that addresses the problem of invoking unmonitored system calls from within Red Team malware
  • lazy_importer - header only library to make the life of a reverse engineer much harder.
  • inline_syscall - Inline syscalls made easy for windows on clang
  • RefleXXion - bypassing user-mode hooks utilised by AV/EPP/EDR etc.

Hook

  • InfinityHook - Hook system calls, context switches, page faults and more.
  • minhook - The Minimalistic x86/x64 API Hooking Library for Windows

Binary Analysis

  • Triton - Dynamic binary analysis library providing internal components such as a Dynamic Symbolic Execution (DSE) engine
  • zasm - x86-64 Assembler based on Zydis
  • retdec - RetDec is a retargetable machine-code decompiler based on LLVM.
  • PinTools - Pintool example and PoC for dynamic binary analysis

Fuzzing

  • libfuzzer - Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.

Executable Formats

  • LIEF - Library to Instrument Executable Formats

Backdoor

  • IIS-Raid - A native backdoor module for Microsoft IIS
