Stars
Anti-anti-VM DLL, used to hide VMware characteristics such as files, processes, services, and registry values
Protect a file from being deleted using a Windows kernel file system minifilter driver
Python module that parses PowerBuilder files (PBD) and analyzes code (incomplete)
This map lists the essential techniques to bypass anti-virus and EDR
Proof of concept exploit of Windows Update Orchestrator Service Elevation of Privilege Vulnerability
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulne…
Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)
IBM RedCON 2020 - Throwing an AquaWrench into the Kernel
Stop Defender Service using C# via Token Impersonation
A small PoC to make Defender useless by removing its token privileges and lowering the token integrity
PoC for hiding processes from Windows Task Manager by manipulating the graphic interface
Hide Process From Task Manager using Usermode API Hooking
A curated list of awesome malware persistence tools and resources.
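A series of articles and companion tools on antivirus evasion for remote-access tools. It collects and tests dozens of evasion tools found on the internet, 113 whitelist-based evasion methods, 8 code-compilation evasion methods, and several practical evasion techniques, testing the effectiveness of each one, to provide a reference both for remote-access-tool evasion and for antivirus software countering that evasion.
This script allows you to create various artifacts on a bare-metal Windows computer in an attempt to trick malware that looks for VMs or analysis tools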